Setup Ingress to redirect security.txt
Security has a requirement that all domains where the Ministry of Justice (MoJ) is primarily responsible
for cyber security must redirect the
/.well-known/security.txt location to the central
Refer security guidance here.
The approach below is one way to handle these redirects, but you can handle those redirects yourself inside your application if you wish to.
To setup a permanent redirect to the central
create a new ingress-redirect.yaml with the annotation
metadata: annotations: nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
An example is shown below:
--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: helloworld-rubyapp-ingress-security-txt-redirect annotations: external-dns.alpha.kubernetes.io/set-identifier: <ingress-name>-<namespace-name>-<blue/green> external-dns.alpha.kubernetes.io/aws-weight: "100" nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt spec: ingressClassName: default tls: - hosts: - helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk rules: - host: helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk http: paths: - path: /.well-known/security.txt pathType: ImplementationSpecific backend: service: name: rubyapp-service port: number: 4567
ingress-redirect.yamlfile to the cluster
kubectl -n <my-namespace> apply -f ingress-redirect.yaml
This page was last reviewed on 10 February 2023. It needs to be reviewed again on 10 May 2023 .
This page was set to be reviewed before 10 May 2023. This might mean the content is out of date.