Setup Ingress to redirect security.txt

Security has a requirement that all domains where the Ministry of Justice (MoJ) is primarily responsible for cyber security must redirect the /.well-known/security.txt location to the central security.txt. Refer security guidance here.

The approach below is one way to handle these redirects, but you can handle those redirects yourself inside your application if you wish to.

To setup a permanent redirect to the central security.txt,

• create a new ingress-redirect.yaml with the annotation

  metadata:
  annotations:
      nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
  

  An example is shown below:

  ---
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
  name: helloworld-rubyapp-ingress-security-txt-redirect
  annotations:
      external-dns.alpha.kubernetes.io/set-identifier: <ingress-name>-<namespace-name>-<blue/green>
      external-dns.alpha.kubernetes.io/aws-weight: "100"
      nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
  spec:
  ingressClassName: default
  tls:
  - hosts:
      - helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
  rules:
  - host: helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
      http:
      paths:
      - path: /.well-known/security.txt
        pathType: ImplementationSpecific
          backend:
            service:
              name: rubyapp-service
              port:
                number: 4567
  

• Apply your ingress-redirect.yaml file to the cluster

  kubectl -n <my-namespace> apply -f ingress-redirect.yaml

This page was last reviewed on 5 March 2025. It needs to be reviewed again on 5 September 2025 by the page owner #cloud-platform .