Setup Ingress to redirect security.txt
Security has a requirement that all domains where the Ministry of Justice (MoJ) is primarily responsible
for cyber security must redirect the /.well-known/security.txt location to the central security.txt.
Refer security guidance here.
The approach below is one way to handle these redirects, but you can handle those redirects yourself inside your application if you wish to.
To setup a permanent redirect to the central security.txt,
create a new ingress-redirect.yaml with the annotation
metadata: annotations: nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txtAn example is shown below:
--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: helloworld-rubyapp-ingress-security-txt-redirect annotations: external-dns.alpha.kubernetes.io/set-identifier: <ingress-name>-<namespace-name>-<blue/green> external-dns.alpha.kubernetes.io/aws-weight: "100" nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt spec: ingressClassName: default tls: - hosts: - helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk rules: - host: helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk http: paths: - path: /.well-known/security.txt pathType: ImplementationSpecific backend: service: name: rubyapp-service port: number: 4567Apply your
ingress-redirect.yamlfile to the cluster
kubectl -n <my-namespace> apply -f ingress-redirect.yaml
This page was last reviewed on 2 September 2024.
It needs to be reviewed again on 2 March 2025
by the page owner #cloud-platform
.
This page was set to be reviewed before 2 March 2025
by the page owner #cloud-platform.
This might mean the content is out of date.