The universal drive to SSL-enable all web pages has reached the point where search engines now favor SSL-enabled web sites. You might have heard about free SSL certificates that are now available from LetsEncrypt.org. Those certificates work well for simple web sites which do not use cloud-based services such as content distribution networks (CDNs) for securely serving assets; however, they do not provide any relief from cross-site scripting issues. CDNs are important for reducing latency and increasing scalability.
The old-school method of front-ending an application server like Tomcat or Play Framework with a web server like Apache httpd or nginx so static assets are served by the web server instead of a CDN provides poor latency. It is better to set up DNS entries for each cloud service so they can be addressed as subdomains of your main web site. This is the first step towards federating cloud services with your web site.
Free SSL certificates cannot be used to federate cloud-based services with a web site. Instead, a wildcard SSL certificate is required. Working with wildcard SSL certificates is significantly more complex than working with single-site SSL certificates. This course provides step-by-step instructions for provisioning a wildcard SSL certificate for web applications that are integrated with cloud-based assets, such as the Amazon Web Services CloudFront CDN. A working example web application written in Scala and using Play Framework 2.4 is provided; however, most of this course is equally applicable to all web server technologies and does not require Play Framework, Scala or even a Java virtual machine. This course is equally applicable whether you host your web site on AWS EC2 or with any other hosting provider.
This course is important for devops, since it covers a mixture of operating system-level information, practical security guidelines, hands-on practice using cloud services and tips for Play Framework for Scala webapps. Up-to-date software tools are provided so students can enable SSL support using current best practices. Explicit directions are given so your web site can achieve a score of A+ in the SSL Labs Security assessment.
A lot of information from a variety of sources has been distilled into this course. Instead of taking weeks to figure things out, students that meet the prerequisites should be able to work through this course and fully deploy a wildcard SSL certificate to their Play Framework webapp and an associated AWS CloudFront distribution in one day.
This course does not discuss any special considerations for using wildcard SSL certificates with Play Framework WS SSL.
If you host, or want to host, your application on AWS EC2 using the latest features for scalability and reliability, please enroll in the short follow-on course Realistic AWS EC2 Configuration for Wildcard SSL Certificates.
bash shell running on a Debian-compatible server, for example an Ubuntu server hosted on Amazon Web Services, Digital Ocean, Google Cloud or Microsoft Azure.
Introduction to Play Framework 2 for Scala course or equivalent is recommended to be able to understand the Play-specific content.
The video on the front page of this web site discusses how to study this course. The transcript tab contains the same information as the video in written form.
| Date | Lecture | Change |
|---|---|---|
| 2016-02-03 | Reverse Proxies and Firewalls | Added status 500 and 503 pages to Pound configuration |
| 2016-01-15 | Test Wildcard SSL Setup | First published transcript and video |
| 2015-12-26 | Going Live | Hived from AWS CloudFront Support for Wildcard SSL Certificates |
| 2015-12-19 | Obtaining and Installing a Wildcard SSL Certificate | Published video |
| 2015-12-09 | First Steps | Published video |
| 2015-12-08 | Reverse Proxies and Firewalls | Published video |
| 2015-12-06 | Reverse Proxies and Firewalls | Hived from the First Steps lecture |
| 2015-11-11 | AWS CloudFront Support for Wildcard SSL Certificates | Hived from the First Steps lecture |