Setup Ingress to redirect security.txt

Security has a requirement that all domains where the Ministry of Justice (MoJ) is primarily responsible for cyber security must redirect the /.well-known/security.txt location to the central security.txt. Refer to the security guidance here.

The approach below is one way to handle these redirects, but you can handle those redirects yourself inside your application if you wish to.

To set up a permanent redirect to the central security.txt:

  • Create a new ingress-redirect.yaml with the annotation

    metadata:
      annotations:
        nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
    

    An example is shown below:

    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: helloworld-rubyapp-ingress-security-txt-redirect
      annotations:
        kubernetes.io/ingress.class: nginx
        external-dns.alpha.kubernetes.io/set-identifier: <ingress-name>-<namespace-name>-<blue/green>
        external-dns.alpha.kubernetes.io/aws-weight: "100"
        # The redirect applies to every path in this Ingress, so keep it in its
        # own Ingress object, separate from the application's main Ingress.
        nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
    spec:
      tls:
      - hosts:
        - helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
      rules:
      - host: helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
        http:
          paths:
          # Only the security.txt location is matched by this Ingress.
          - path: /.well-known/security.txt
            pathType: ImplementationSpecific
            # A backend is required by the Ingress schema.
            backend:
              service:
                name: rubyapp-service
                port:
                  number: 4567
    
  • Apply your ingress-redirect.yaml file to the cluster

    kubectl -n <my-namespace> apply -f ingress-redirect.yaml
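
Once the Ingress is applied, it is worth confirming that the location really answers with a permanent redirect to the central file. The script below is an added example, not part of the original guide: the function names are hypothetical, the expected URL is the annotation value shown above, and it assumes the controller answers with status 301 (the ingress-nginx default for permanent-redirect).

```shell
#!/bin/sh
# Added example: check the security.txt redirect from HTTP response headers.
# Function names are hypothetical; the URL is the annotation value from this page.
EXPECTED_LOCATION="https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt"

# Reads response headers on stdin (the output of `curl -sI`). Succeeds only if
# the status is 301 and Location is exactly the central security.txt URL.
check_redirect_headers() {
  headers=$(tr -d '\r')   # HTTP header lines end in CRLF
  status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
  # Header names are case-insensitive (HTTP/2 prints them in lower case).
  location=$(printf '%s\n' "$headers" | awk 'tolower($1)=="location:" {print $2; exit}')
  if [ "$status" != "301" ]; then
    echo "FAIL: expected status 301, got '$status'"
    return 1
  fi
  if [ "$location" != "$EXPECTED_LOCATION" ]; then
    echo "FAIL: Location is '$location'"
    return 1
  fi
  echo "OK: 301 -> $location"
}

# Live check against a deployed host (needs network access), e.g.
#   check_host helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
check_host() {
  curl -sI --max-time 10 "https://$1/.well-known/security.txt" | check_redirect_headers
}

# Constructed sample response (not captured from a real host).
sample_response() {
  printf 'HTTP/2 301\r\ncontent-type: text/html\r\nlocation: %s\r\n\r\n' "$EXPECTED_LOCATION"
}

sample_response | check_redirect_headers
```

A 200 from the application, a 302, or a Location pointing anywhere else all fail the check, which catches a redirect Ingress that was never applied or carries a mistyped annotation.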
This page was last reviewed on 29 July 2022. It needs to be reviewed again on 29 October 2022.
This page was set to be reviewed before 29 October 2022. This might mean the content is out of date.