First, follow steps listed in cert/README.md to generate self-signed certificate and private keys.

Next, download nginx and place cert in its root directory, also replace nginx.conf found in the conf directory.

To start and stop nginx, use commands below.

# start nginx
nginx

# stop nginx
nginx -s stop

Note that, in nginx.conf, we configure proxy_pass from HTTPS port 9005 to HTTP 9000 for both / for normal HTTP requests and /ws for websocket connection.

server {
    listen 9005 ssl;
    server_name localhost;

    ssl_certificate           ../cert/cert.crt;
    ssl_certificate_key       ../cert/cert.key;

    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    # access_log            logs/https.access.log;

    location / {
        proxy_pass          http://localhost:9000;
        # proxy_read_timeout  90;
        proxy_redirect      off;
    }

    location /ws {
        proxy_pass          http://localhost:9000;
        proxy_http_version  1.1;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection "upgrade";
        proxy_read_timeout  86400;
    }
}

sbt ~run

Then, the backend will be available at 2 URLs:

# http
http://localhost:9000

# https proxied by nginx
https://localhost:9005

There is a script for the index.html which configures the websocket to connect to HTTPS port 9005.

var wsUrl = 'wss://localhost:9005/ws/orders/table/' + tableId;
ws = new WebSocket(wsUrl);

Note that, the HTTP port 9000 should work too. We can avoid exposing this HTTP port 9000 by randomizing this port number via startup script and set it to environment variable. With this, we can tweak the config files of Nginx and Play to make sure Play app can expose to the random port and Nginx can proxy to it.