docs: Add Windows OCR dependencies and fix IIS API error handling
- Add OCR installation instructions for Windows (Poppler, Tesseract, PaddleOCR) - Add troubleshooting section for common OCR errors on Windows - Fix web.config.data-entry to use existingResponse="Auto" instead of "Replace" This allows FastAPI JSON error responses to pass through IIS unchanged - Update system requirements to recommend 16GB RAM for OCR workloads 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
161
deployment/windows/config/web.config.data-entry
Normal file
161
deployment/windows/config/web.config.data-entry
Normal file
@@ -0,0 +1,161 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
ROA2WEB Data Entry App - IIS Web Configuration
|
||||
|
||||
This configuration enables:
|
||||
- SPA routing for Vue.js (all routes fallback to index.html)
|
||||
- Reverse proxy for /api/* to Data Entry backend FastAPI service (localhost:8003)
|
||||
- Compression and caching for optimal performance
|
||||
- Security headers
|
||||
|
||||
Prerequisites:
|
||||
- IIS URL Rewrite Module: https://www.iis.net/downloads/microsoft/url-rewrite
|
||||
- IIS Application Request Routing (ARR): https://www.iis.net/downloads/microsoft/application-request-routing
|
||||
|
||||
This is for the Data Entry sub-application at /data-entry
|
||||
-->
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
|
||||
<!-- Static Content Compression -->
|
||||
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
|
||||
|
||||
<!-- Default Document -->
|
||||
<defaultDocument>
|
||||
<files>
|
||||
<clear />
|
||||
<add value="index.html" />
|
||||
</files>
|
||||
</defaultDocument>
|
||||
|
||||
<!-- Static Content Settings -->
|
||||
<staticContent>
|
||||
<!-- Enable MIME types for modern web assets -->
|
||||
<!-- Remove first to avoid duplicates, then add -->
|
||||
<remove fileExtension=".json" />
|
||||
<mimeMap fileExtension=".json" mimeType="application/json" />
|
||||
<remove fileExtension=".woff" />
|
||||
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
|
||||
<remove fileExtension=".woff2" />
|
||||
<mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
|
||||
<remove fileExtension=".svg" />
|
||||
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
|
||||
<remove fileExtension=".webmanifest" />
|
||||
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
|
||||
|
||||
<!-- Client-side caching for static assets -->
|
||||
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
|
||||
</staticContent>
|
||||
|
||||
<!-- Custom HTTP Headers (Security) -->
|
||||
<httpProtocol>
|
||||
<customHeaders>
|
||||
<!-- Security Headers -->
|
||||
<add name="X-Frame-Options" value="DENY" />
|
||||
<add name="X-Content-Type-Options" value="nosniff" />
|
||||
<add name="X-XSS-Protection" value="1; mode=block" />
|
||||
<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
|
||||
<add name="Permissions-Policy" value="geolocation=(), microphone=(), camera=()" />
|
||||
|
||||
<!-- Content Security Policy (adjust as needed) -->
|
||||
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:" />
|
||||
|
||||
<!-- Remove Server header for security -->
|
||||
<remove name="X-Powered-By" />
|
||||
</customHeaders>
|
||||
</httpProtocol>
|
||||
|
||||
<!-- URL Rewrite Rules -->
|
||||
<rewrite>
|
||||
<rules>
|
||||
|
||||
<!-- Rule 1: Force HTTPS (redirect HTTP to HTTPS) -->
|
||||
<rule name="Force HTTPS" stopProcessing="true">
|
||||
<match url="(.*)" />
|
||||
<conditions>
|
||||
<add input="{HTTPS}" pattern="off" />
|
||||
</conditions>
|
||||
<action type="Redirect" url="https://{HTTP_HOST}/data-entry/{R:1}" redirectType="Permanent" />
|
||||
</rule>
|
||||
|
||||
<!-- Rule 2: Reverse Proxy for API Requests to Data Entry Backend (port 8003) -->
|
||||
<rule name="Data Entry API Reverse Proxy" stopProcessing="true">
|
||||
<match url="^api/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8003/api/{R:1}" />
|
||||
</rule>
|
||||
|
||||
<!-- Rule 3: Health Check Endpoint -->
|
||||
<rule name="Health Check Proxy" stopProcessing="true">
|
||||
<match url="^health$" />
|
||||
<action type="Rewrite" url="http://localhost:8003/health" />
|
||||
</rule>
|
||||
|
||||
<!-- Rule 4: Don't rewrite if file exists (static assets) -->
|
||||
<rule name="StaticContent" stopProcessing="true">
|
||||
<match url=".*" />
|
||||
<conditions>
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" />
|
||||
</conditions>
|
||||
<action type="None" />
|
||||
</rule>
|
||||
|
||||
<!-- Rule 5: Don't rewrite if directory exists -->
|
||||
<rule name="StaticDirectory" stopProcessing="true">
|
||||
<match url=".*" />
|
||||
<conditions>
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
|
||||
</conditions>
|
||||
<action type="None" />
|
||||
</rule>
|
||||
|
||||
<!-- Rule 6: SPA Routing - Rewrite all other requests to index.html -->
|
||||
<rule name="SPA Fallback" stopProcessing="true">
|
||||
<match url=".*" />
|
||||
<conditions logicalGrouping="MatchAll">
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
|
||||
<add input="{REQUEST_URI}" pattern="^/data-entry/api" negate="true" />
|
||||
</conditions>
|
||||
<action type="Rewrite" url="index.html" />
|
||||
</rule>
|
||||
|
||||
</rules>
|
||||
|
||||
<!-- Outbound Rules (optional - for modifying responses) -->
|
||||
<outboundRules>
|
||||
<rule name="Add HSTS Header" preCondition="IsHTTPS">
|
||||
<match serverVariable="RESPONSE_Strict-Transport-Security" pattern=".*" />
|
||||
<action type="Rewrite" value="max-age=31536000; includeSubDomains" />
|
||||
</rule>
|
||||
<preConditions>
|
||||
<preCondition name="IsHTTPS">
|
||||
<add input="{HTTPS}" pattern="on" />
|
||||
</preCondition>
|
||||
</preConditions>
|
||||
</outboundRules>
|
||||
</rewrite>
|
||||
|
||||
<!-- Error Pages -->
|
||||
<!-- Use Auto to pass through backend API errors unchanged (JSON) while still handling IIS errors -->
|
||||
<httpErrors errorMode="Custom" existingResponse="Auto">
|
||||
<!-- 404 - Not Found: Serve index.html for SPA routing -->
|
||||
<remove statusCode="404" subStatusCode="-1" />
|
||||
<error statusCode="404" path="index.html" responseMode="ExecuteURL" />
|
||||
|
||||
<!-- 500 - Internal Server Error -->
|
||||
<remove statusCode="500" subStatusCode="-1" />
|
||||
<error statusCode="500" path="index.html" responseMode="ExecuteURL" />
|
||||
</httpErrors>
|
||||
|
||||
<!-- Disable directory browsing -->
|
||||
<directoryBrowse enabled="false" />
|
||||
|
||||
</system.webServer>
|
||||
|
||||
<!-- System.web for ASP.NET settings (if needed) -->
|
||||
<system.web>
|
||||
<compilation debug="false" targetFramework="4.8" />
|
||||
<httpRuntime targetFramework="4.8" maxRequestLength="10240" executionTimeout="300" />
|
||||
</system.web>
|
||||
|
||||
</configuration>
|
||||
Reference in New Issue
Block a user