Setup Ingress to redirect security.txt

Security requires that all domains where the Ministry of Justice (MoJ) is primarily responsible for cyber security redirect the /.well-known/security.txt location to the central security.txt. Refer to the security guidance here.

The approach below is one way to handle these redirects, but you can handle those redirects yourself inside your application if you wish to.

To set up a permanent redirect to the central security.txt:

  • create a new ingress-redirect.yaml with the annotation

    metadata:
      annotations:
        nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
    

    An example is shown below:

    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: helloworld-rubyapp-ingress-security-txt-redirect
      annotations:
        external-dns.alpha.kubernetes.io/set-identifier: <ingress-name>-<namespace-name>-<blue/green>
        external-dns.alpha.kubernetes.io/aws-weight: "100"
        nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
    spec:
      ingressClassName: default
      tls:
      - hosts:
        - helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
      rules:
      - host: helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
        http:
          paths:
          # Only this path is matched by the redirect Ingress
          - path: /.well-known/security.txt
            pathType: ImplementationSpecific
            backend:
              service:
                name: rubyapp-service
                port:
                  number: 4567
    
  • Apply your ingress-redirect.yaml file to the cluster

    kubectl -n <my-namespace> apply -f ingress-redirect.yaml
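
To confirm the redirect once the Ingress is applied, the response headers for /.well-known/security.txt can be checked for a permanent redirect to the exact central URL. The script below is an added example, not part of the Cloud Platform guidance: `check_redirect_headers` is a hypothetical helper name, the sample response is constructed, and it assumes the controller answers with 301 (308 is also accepted as permanent).

```shell
#!/bin/sh
# Redirect target copied from the permanent-redirect annotation on this page.
EXPECTED_LOCATION="https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt"

# check_redirect_headers (hypothetical helper name): reads raw HTTP response
# headers on stdin, looks at the first response only, and returns
#   0  permanent redirect (301 or 308) to the central security.txt
#   1  a redirect that is temporary or points somewhere else
#   2  no redirect at all (the application answered the path itself)
check_redirect_headers() {
  cr=$(printf '\r'); code=""; location=""
  while IFS= read -r line || [ -n "$line" ]; do
    line="${line%"$cr"}"                 # header lines end in CRLF
    case "$line" in
      "") if [ -n "$code" ]; then break; fi ;;   # end of first response
      HTTP/*) code="${line#* }"; code="${code%% *}" ;;
      *:*)
        # Header names are case-insensitive (HTTP/2 sends them lower-case).
        name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
        value="${line#*:}"
        while [ "${value# }" != "$value" ]; do value="${value# }"; done
        case "$name" in location) location="$value" ;; esac ;;
    esac
  done
  case "$code" in
    301|308)
      if [ "$location" = "$EXPECTED_LOCATION" ]; then return 0; fi
      echo "permanent redirect to unexpected target: $location" >&2
      return 1 ;;
    3??) echo "non-permanent redirect ($code) to: $location" >&2; return 1 ;;
    *)   echo "no redirect, status: ${code:-none}" >&2; return 2 ;;
  esac
}

# Constructed sample response (not captured from a real host).
printf 'HTTP/2 301\r\nlocation: %s\r\n\r\n' "$EXPECTED_LOCATION" |
  check_redirect_headers && echo "security.txt redirect OK"

# Against a live host (placeholder hostname), pipe curl's header output in:
#   curl -sI https://<your-host>/.well-known/security.txt | check_redirect_headers
```

A return code of 2 usually means the request reached the application's own Ingress rather than the redirect Ingress, so check that the host and path in ingress-redirect.yaml match the domain being tested.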
This page was last reviewed on 23 February 2024. It needs to be reviewed again on 23 August 2024 by the page owner #cloud-platform .