From 01321bf50c3310776a24d7247c08705c18e3a856 Mon Sep 17 00:00:00 2001
From: Roger Oriol <rogi23696@gmail.com>
Date: Tue, 23 Jun 2026 00:31:04 +0200
Subject: [PATCH] nas ingress

---
 nas/ingress.yaml   | 40 +++++++++++++++++++++++++++++++---------
 nas/nas.yaml       | 31 -------------------------------
 nas/transport.yaml |  8 ++++++++
 3 files changed, 39 insertions(+), 40 deletions(-)
 delete mode 100644 nas/nas.yaml
 create mode 100644 nas/transport.yaml

diff --git a/nas/ingress.yaml b/nas/ingress.yaml
index 206c2a3..cd36870 100644
--- a/nas/ingress.yaml
+++ b/nas/ingress.yaml
@@ -1,11 +1,33 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nas-proxy
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: synology-nas
+  namespace: nas-proxy
+spec:
+  type: ExternalName
+  externalName: "10.88.30.10"
+  ports:
+  - port: 5001
+    targetPort: 5001
+    protocol: TCP
+---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: nas
-  namespace: nas
+  namespace: nas-proxy
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
-    # Allow large file uploads (5GB) for NAS
+    # Tell Traefik the backend is HTTPS (DSM uses HTTPS on 5001)
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    # Skip backend TLS verification since DSM uses a self-signed cert
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+    traefik.ingress.kubernetes.io/service.serverstransport: skip-verify@file
     traefik.ingress.kubernetes.io/max-request-body-bytes: "5368709120"
 spec:
   ingressClassName: traefik
@@ -17,10 +39,10 @@ spec:
   - host: nas.rogi.casa
     http:
       paths:
-        - path: /
-          pathType: Prefix
-          backend:
-            service:
-              name: external-ip
-              port:
-                number: 80
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: synology-nas
+            port:
+              number: 5001
diff --git a/nas/nas.yaml b/nas/nas.yaml
deleted file mode 100644
index 57c0fa0..0000000
--- a/nas/nas.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: nas
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: external-ip
-  namespace: nas
-spec:
-  ports:
-  - name: app
-    port: 80
-    protocol: TCP
-    targetPort: 5000
-  clusterIP: None
-  type: ClusterIP
----
-apiVersion: v1
-kind: Endpoints
-metadata:
-  name: external-ip
-  namespace: nas
-subsets:
-- addresses:
-  - ip: 10.88.88.238
-  ports:
-  - name: app
-    port: 5000
-    protocol: TCP
diff --git a/nas/transport.yaml b/nas/transport.yaml
new file mode 100644
index 0000000..a149c3e
--- /dev/null
+++ b/nas/transport.yaml
@@ -0,0 +1,8 @@
+# nas-transport.yaml
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: skip-verify
+  namespace: nas-proxy
+spec:
+  insecureSkipVerify: true