apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: apolo-backend-websocket
  namespace: apolo
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"

    # Mantener conexiones WS mucho tiempo
    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"

    # (Opcional) Desactiva buffering para WS
    nginx.ingress.kubernetes.io/proxy-buffering: "off"

    # En Traefik ponías X-Forwarded-Proto=wss; replicamos eso:
    nginx.ingress.kubernetes.io/configuration-snippet: |
      proxy_set_header X-Forwarded-Proto wss;

    # Misma ACL que tu backend (sólo VPN/LAN)
    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.200.0/24,10.244.0.0/16,192.168.4.0/24"
spec:
  ingressClassName: nginx
  rules:
    - host: backend.apolo.c2et.net
      http:
        paths:
          - path: /app
            pathType: Prefix
            backend:
              service:
                name: apolo-websocket
                port:
                  number: 6001