SSL with Nginx and Play Framwork 2.2.x

Question

I'm running my Play application on Amazon EC2 on port 9000. I configured Nginx as a reverse proxy listening on port 443.

Here is my nginx configuration :

proxy_buffering        off;
proxy_set_header       X-Real-IP $remote_addr;
proxy_set_header       X-Scheme $scheme;
proxy_set_header       X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header       Host $http_host;
proxy_http_version     1.1;

upstream my-app {
    server 127.0.0.1:9000;
}

server {
    server_name www.my-app.com my-app.com;
    rewrite ^(.*) https://www.my-app.com$1 permanent;
}

server {
    listen               443;
    ssl                  on;
    ssl_certificate      /home/my-app.com/certificate.crt;
    ssl_certificate_key  /home/my-app.com/certificate.key;
    keepalive_timeout    70;
    server_name          www.my-app.com;
    location / {
        proxy_pass       http://my-app;
    }
}

My question is : do I need to launch my Play app with HTTPS instead of HTTP or is it enough to set SSL at nginx level ? Given the fact that I want all my pages to be opened via HTTPS.

Thanks.

Answer 1

You don't need to use SSL connection between proxy and app, anyway in such case make sure that app port is NOT accessible from the world - most probably with Amazon's security rules (or some firewall in case of using other provider/OS).