1. Home
  2. Documentation
  3. Cloud Platform User Guide
  4. Setup Ingress to redirect security.txt

Setup Ingress to redirect security.txt

Security has a requirement that all domains where the Ministry of Justice (MoJ) is primarily responsible for cyber security must redirect the /.well-known/security.txt location to the central security.txt. Refer security guidance here.

The approach below is one way to handle these redirects, but you can handle those redirects yourself inside your application if you wish to.

To setup a permanent redirect to the central security.txt,

  • create a new ingress-redirect.yaml with the annotation

    metadata:
annotations:
    nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt

    An example is shown below:

    ---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: helloworld-rubyapp-ingress-security-txt-redirect
annotations:
    external-dns.alpha.kubernetes.io/set-identifier: <ingress-name>-<namespace-name>-<blue/green>
    external-dns.alpha.kubernetes.io/aws-weight: "100"
    nginx.ingress.kubernetes.io/permanent-redirect: https://raw.githubusercontent.com/ministryofjustice/security-guidance/main/contact/vulnerability-disclosure-security.txt
spec:
ingressClassName: default
tls:
- hosts:
    - helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
rules:
- host: helloworld-demo-app.apps.live.cloud-platform.service.justice.gov.uk
    http:
    paths:
    - path: /.well-known/security.txt
      pathType: ImplementationSpecific
        backend:
          service:
            name: rubyapp-service
            port:
              number: 4567

  • Apply your ingress-redirect.yaml file to the cluster

    kubectl -n <my-namespace> apply -f ingress-redirect.yaml
Last reviewed: 5 March 2025Review status: ✗ Review overdueOwner: #cloud-platformSource: View source on GitHub

Was this page useful?