docs: Add Windows OCR dependencies and fix IIS API error handling
- Add OCR installation instructions for Windows (Poppler, Tesseract, PaddleOCR)
- Add troubleshooting section for common OCR errors on Windows
- Fix web.config.data-entry to use existingResponse="Auto" instead of "Replace"
  This allows FastAPI JSON error responses to pass through IIS unchanged
- Update system requirements to recommend 16GB RAM for OCR workloads

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@@ -125,6 +125,61 @@ dnf install -y \
|
|||||||
|
|
||||||
**Note:** PaddleOCR (engine principal) se instaleaza automat cu pip. Tesseract este folosit ca fallback.
|
**Note:** PaddleOCR (engine principal) se instaleaza automat cu pip. Tesseract este folosit ca fallback.
|
||||||
|
|
||||||
|
### OCR System Dependencies (Windows)
|
||||||
|
|
||||||
|
Pe Windows Server trebuie instalate manual urmatoarele componente:
|
||||||
|
|
||||||
|
#### 1. Poppler (pentru conversie PDF → imagini)
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Descarca Poppler pentru Windows
|
||||||
|
# https://github.com/osborn/poppler-windows/releases
|
||||||
|
# sau https://github.com/bblanchon/pdfium-binaries
|
||||||
|
|
||||||
|
# Extrage in C:\Program Files\poppler\
|
||||||
|
# Adauga la PATH: C:\Program Files\poppler\Library\bin
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 2. Tesseract OCR (engine OCR backup)
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Descarca installer de la:
|
||||||
|
# https://github.com/UB-Mannheim/tesseract/wiki
|
||||||
|
|
||||||
|
# Instaleaza cu limbile: English + Romanian
|
||||||
|
# Default path: C:\Program Files\Tesseract-OCR\
|
||||||
|
# Adauga la PATH
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 3. Python OCR Dependencies (in venv)
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
cd C:\inetpub\wwwroot\roa2web\data-entry-backend
|
||||||
|
.\venv\Scripts\activate
|
||||||
|
|
||||||
|
# Instaleaza dependentele OCR
|
||||||
|
pip install paddlepaddle>=2.5.0
|
||||||
|
pip install paddleocr>=2.7.0
|
||||||
|
pip install opencv-python>=4.8.0
|
||||||
|
pip install pytesseract>=0.3.10
|
||||||
|
pip install pdf2image>=1.16.0
|
||||||
|
|
||||||
|
# Sau din requirements.txt
|
||||||
|
pip install -r requirements.txt
|
||||||
|
```
|
||||||
|
|
||||||
|
#### 4. Restart serviciu
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
nssm restart ROA2WEB-DataEntry
|
||||||
|
```
|
||||||
|
|
||||||
|
**Note importante Windows:**
|
||||||
|
- Prima rulare PaddleOCR descarca modele (~200MB) - poate dura cateva minute
|
||||||
|
- PaddleOCR necesita ~2GB RAM disponibil
|
||||||
|
- Verifica PATH-ul pentru Poppler si Tesseract dupa instalare
|
||||||
|
- Restart serviciul backend dupa orice modificare PATH
|
||||||
|
|
||||||
### OCR API Endpoints
|
### OCR API Endpoints
|
||||||
|
|
||||||
| Method | Endpoint | Description |
|
| Method | Endpoint | Description |
|
||||||
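Review bot: In the step 3 block, the `pip install paddlepaddle>=2.5.0` style lines are unquoted inside a `powershell` fence, where `>` is the redirection operator, so each command installs the package with no version constraint and writes pip's output to a file named `=2.5.0`, `=2.7.0` and so on. Quote the specifiers, for example `pip install "paddlepaddle>=2.5.0"`, or keep only the `pip install -r requirements.txt` form. In step 1, the second link (`pdfium-binaries`) is PDFium rather than Poppler and does not provide the `Library\bin` tools the PATH step relies on; drop it or explain what it is for.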
@@ -270,6 +325,49 @@ Full API documentation available at http://localhost:8003/docs when backend is r
|
|||||||
2. Install system dependencies (tesseract, poppler)
|
2. Install system dependencies (tesseract, poppler)
|
||||||
3. Verify PaddleOCR installed: `python -c "from paddleocr import PaddleOCR"`
|
3. Verify PaddleOCR installed: `python -c "from paddleocr import PaddleOCR"`
|
||||||
|
|
||||||
|
### OCR Windows - "poppler not in PATH"
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Eroare: "Unable to get page count. Is poppler installed and in PATH?"
|
||||||
|
|
||||||
|
# Solutie 1: Adauga Poppler la PATH
|
||||||
|
# System Properties → Environment Variables → System variables → Path → New
|
||||||
|
# Adauga: C:\Program Files\poppler\Library\bin
|
||||||
|
|
||||||
|
# Solutie 2: Restart serviciul dupa modificarea PATH
|
||||||
|
nssm restart ROA2WEB-DataEntry
|
||||||
|
|
||||||
|
# Verificare:
|
||||||
|
pdfinfo --version
|
||||||
|
```
|
||||||
|
|
||||||
|
### OCR Windows - "tesseract not found"
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Eroare: "tesseract is not installed or it's not in your PATH"
|
||||||
|
|
||||||
|
# Solutie: Adauga Tesseract la PATH
|
||||||
|
# C:\Program Files\Tesseract-OCR\
|
||||||
|
|
||||||
|
# Verificare:
|
||||||
|
tesseract --version
|
||||||
|
tesseract --list-langs # Trebuie sa arate 'ron' si 'eng'
|
||||||
|
```
|
||||||
|
|
||||||
|
### OCR Windows - PaddleOCR import error
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Eroare: "No module named 'paddleocr'"
|
||||||
|
|
||||||
|
cd C:\inetpub\wwwroot\roa2web\data-entry-backend
|
||||||
|
.\venv\Scripts\activate
|
||||||
|
pip install paddlepaddle>=2.5.0
|
||||||
|
pip install paddleocr>=2.7.0
|
||||||
|
|
||||||
|
# Restart serviciu
|
||||||
|
nssm restart ROA2WEB-DataEntry
|
||||||
|
```
|
||||||
|
|
||||||
### Low OCR accuracy
|
### Low OCR accuracy
|
||||||
|
|
||||||
- Ensure good lighting when taking receipt photos
|
- Ensure good lighting when taking receipt photos
|
||||||
|
|||||||
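Review bot: In the "poppler not in PATH" block, `Solutie 1` and `Solutie 2` read as alternatives, but the restart is a required follow-up to the PATH change, because a running process does not see a PATH edit made after it started; number them as steps 1 and 2 of one fix. The `pdfinfo --version` check only proves the PATH of the shell it is typed into, so say that it must be run in a newly opened session. The PaddleOCR block repeats the unquoted `pip install paddlepaddle>=2.5.0` form, which PowerShell parses as a redirection to a file named `=2.5.0`; quote the specifier.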
@@ -2,28 +2,33 @@
|
|||||||
|
|
||||||
Complete deployment solution for ROA2WEB on Windows Server with IIS and Oracle Database.
|
Complete deployment solution for ROA2WEB on Windows Server with IIS and Oracle Database.
|
||||||
|
|
||||||
|
**Includes:**
|
||||||
|
- **Reports App** - Read-only Oracle reports (Port 8000)
|
||||||
|
- **Telegram Bot** - Telegram integration (Port 8002)
|
||||||
|
- **Data Entry App** - Receipt data entry with approval workflow (Port 8003)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 📂 Package Contents
|
## 📂 Package Contents
|
||||||
|
|
||||||
```
|
```
|
||||||
deployment/windows/
|
deployment/windows/
|
||||||
├── config/ # Configuration files
|
├── config/ # Configuration files
|
||||||
│ ├── web.config # IIS configuration (URL Rewrite, reverse proxy)
|
│ ├── web.config # IIS config for Reports App
|
||||||
│ └── .env.production.windows # Environment variables template
|
│ ├── web.config.data-entry # IIS config for Data Entry App
|
||||||
|
│ └── .env.production.windows # Environment variables template
|
||||||
│
|
│
|
||||||
├── scripts/ # PowerShell automation scripts
|
├── scripts/ # PowerShell automation scripts
|
||||||
│ ├── Install-ROA2WEB.ps1 # Initial installation
|
│ ├── Build-ROA2WEB.ps1 # Build all components (interactive menu)
|
||||||
│ ├── Deploy-ROA2WEB.ps1 # Deploy updates
|
│ ├── ROA2WEB-Console.ps1 # Unified deployment & management console
|
||||||
│ ├── Build-Frontend.ps1 # Build Vue.js frontend (run locally)
|
│ ├── Install-ROA2WEB.ps1 # Initial Reports App installation
|
||||||
│ ├── Start-ROA2WEB.ps1 # Start backend service
|
│ ├── Install-TelegramBot.ps1 # Telegram Bot installation
|
||||||
│ ├── Stop-ROA2WEB.ps1 # Stop backend service
|
│ └── deploy-config.json # Deployment configuration
|
||||||
│ └── Restart-ROA2WEB.ps1 # Restart backend service
|
|
||||||
│
|
│
|
||||||
├── docs/ # Documentation
|
├── docs/ # Documentation
|
||||||
│ └── WINDOWS_DEPLOYMENT.md # Complete deployment guide
|
│ └── WINDOWS_DEPLOYMENT.md # Complete deployment guide
|
||||||
│
|
│
|
||||||
└── README.md # This file
|
└── README.md # This file
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
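Review bot: The `scripts/` listing drops `Deploy-ROA2WEB.ps1`, `Build-Frontend.ps1`, `Start-ROA2WEB.ps1`, `Stop-ROA2WEB.ps1` and `Restart-ROA2WEB.ps1`, yet this page shows no deletion of those files and the commit message mentions only OCR docs and the web.config change. Confirm the scripts are really gone from the repository, otherwise keep them listed, and mention the README restructuring in the commit message. For the new `deploy-config.json`, state whether it may hold credentials and, if it can, that it must stay out of version control.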
@@ -150,24 +155,56 @@ cd C:\inetpub\wwwroot\roa2web\deployment\windows\scripts
|
|||||||
|
|
||||||
## 🔧 Management Commands
|
## 🔧 Management Commands
|
||||||
|
|
||||||
|
### Interactive Console (Recommended)
|
||||||
|
|
||||||
```powershell
|
```powershell
|
||||||
# Start backend service
|
# Open unified management console
|
||||||
.\Start-ROA2WEB.ps1
|
cd C:\inetpub\wwwroot\roa2web\deployment\windows\scripts
|
||||||
|
.\ROA2WEB-Console.ps1
|
||||||
|
|
||||||
# Stop backend service
|
# Menu options:
|
||||||
.\Stop-ROA2WEB.ps1
|
# [1] Deploy Components
|
||||||
|
# [2] Manage Services
|
||||||
|
# [3] Check Status
|
||||||
|
```
|
||||||
|
|
||||||
# Restart backend service
|
### Non-Interactive Commands
|
||||||
.\Restart-ROA2WEB.ps1
|
|
||||||
|
```powershell
|
||||||
|
# Deploy all components
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action DeployAll
|
||||||
|
|
||||||
|
# Deploy specific component
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action DeployBackend
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action DeployTelegramBot
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action DeployDataEntry
|
||||||
|
|
||||||
|
# Service management
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action StartAll
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action StopAll
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action RestartAll
|
||||||
|
|
||||||
|
# Data Entry service management
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action StartDataEntry
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action StopDataEntry
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action RestartDataEntry
|
||||||
|
|
||||||
|
# Check status
|
||||||
|
.\ROA2WEB-Console.ps1 -NonInteractive -Action Status
|
||||||
|
```
|
||||||
|
|
||||||
|
### Direct Service Commands
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Check all ROA2WEB services
|
||||||
|
Get-Service ROA2WEB-*
|
||||||
|
|
||||||
# View logs
|
# View logs
|
||||||
Get-Content C:\inetpub\wwwroot\roa2web\logs\backend-stdout.log -Tail 50 -Wait
|
Get-Content C:\inetpub\wwwroot\roa2web\logs\backend-stdout.log -Tail 50 -Wait
|
||||||
|
Get-Content C:\inetpub\wwwroot\roa2web\data-entry-backend\logs\stdout.log -Tail 50 -Wait
|
||||||
|
|
||||||
# Check service status
|
# Check IIS
|
||||||
Get-Service ROA2WEB-Backend
|
Get-Website | Where-Object { $_.Name -like "*roa2web*" -or $_.Name -like "*data-entry*" }
|
||||||
|
|
||||||
# Check IIS website
|
|
||||||
Get-Website ROA2WEB
|
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
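Review bot: In the "Direct Service Commands" block, `Get-Website | Where-Object { ... -like "*data-entry*" }` lists IIS sites only, while the web.config added in this commit describes Data Entry as a sub-application at `/data-entry`, so the filter will not show it; add a `Get-WebApplication` check for the application. The new log path `data-entry-backend\logs\stdout.log` also has no matching `logs\` folder under `data-entry-backend\` in the directory tree documented in this commit, so one of the two needs correcting.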
@@ -178,43 +215,85 @@ Get-Website ROA2WEB
|
|||||||
|
|
||||||
| Component | Type | Port | Purpose |
|
| Component | Type | Port | Purpose |
|
||||||
|-----------|------|------|---------|
|
|-----------|------|------|---------|
|
||||||
| **Frontend** | IIS Static Files | 80/443 | Vue.js SPA |
|
| **Reports Frontend** | IIS Static Files | 80/443 | Vue.js SPA (Reports) |
|
||||||
| **Backend** | Windows Service | 8000 | FastAPI API |
|
| **Reports Backend** | Windows Service | 8000 | FastAPI API (Reports) |
|
||||||
| **Database** | Oracle | 1521 | Data storage |
|
| **Telegram Bot** | Windows Service | 8002 | Telegram integration |
|
||||||
| **Reverse Proxy** | IIS URL Rewrite | - | API routing |
|
| **Data Entry Frontend** | IIS Static Files | 80/443 | Vue.js SPA (Data Entry) |
|
||||||
|
| **Data Entry Backend** | Windows Service | 8003 | FastAPI API (Data Entry) |
|
||||||
|
| **Database** | Oracle | 1521 | Reports data (read-only) |
|
||||||
|
| **SQLite** | File | - | Data Entry local storage |
|
||||||
|
|
||||||
### Network Flow
|
### Network Flow
|
||||||
|
|
||||||
```
|
```
|
||||||
Client → IIS (port 80) → [web.config URL Rewrite]
|
Client → IIS (port 80/443)
|
||||||
├─ /api/* → Backend Service (localhost:8000)
|
│
|
||||||
│ ↓
|
├─ /roa2web/api/* → Reports Backend (localhost:8000) → Oracle DB
|
||||||
│ Oracle DB (localhost:1521)
|
│
|
||||||
└─ /* → Static Files (Vue.js)
|
├─ /roa2web/* → Reports Frontend (Vue.js)
|
||||||
|
│
|
||||||
|
├─ /data-entry/api/* → Data Entry Backend (localhost:8003) → SQLite
|
||||||
|
│
|
||||||
|
└─ /data-entry/* → Data Entry Frontend (Vue.js)
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### Windows Services
|
||||||
|
|
||||||
|
| Service Name | Description | Port |
|
||||||
|
|-------------|-------------|------|
|
||||||
|
| ROA2WEB-Backend | Reports API | 8000 |
|
||||||
|
| ROA2WEB-TelegramBot | Telegram Bot | 8002 |
|
||||||
|
| ROA2WEB-DataEntry | Data Entry API | 8003 |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 📋 Directory Structure After Installation
|
## 📋 Directory Structure After Installation
|
||||||
|
|
||||||
```
|
```
|
||||||
C:\inetpub\wwwroot\roa2web\
|
C:\inetpub\wwwroot\roa2web\
|
||||||
├── backend\ # FastAPI application
|
│
|
||||||
|
├── backend\ # Reports Backend (FastAPI)
|
||||||
│ ├── app\
|
│ ├── app\
|
||||||
│ ├── requirements.txt
|
│ ├── requirements.txt
|
||||||
│ ├── .env # Configuration
|
│ ├── venv\
|
||||||
│ └── logs\
|
│ └── .env
|
||||||
│
|
│
|
||||||
├── frontend\ # Vue.js static files
|
├── frontend\ # Reports Frontend (Vue.js)
|
||||||
│ ├── index.html
|
│ ├── index.html
|
||||||
│ ├── assets\
|
│ ├── assets\
|
||||||
│ └── web.config
|
│ └── web.config
|
||||||
│
|
│
|
||||||
├── logs\ # Service logs
|
├── telegram-bot\ # Telegram Bot
|
||||||
|
│ ├── app\
|
||||||
|
│ ├── data\telegram_bot.db
|
||||||
|
│ ├── requirements.txt
|
||||||
|
│ ├── venv\
|
||||||
|
│ └── .env
|
||||||
|
│
|
||||||
|
├── data-entry-backend\ # Data Entry Backend (FastAPI)
|
||||||
|
│ ├── app\
|
||||||
|
│ ├── migrations\
|
||||||
|
│ ├── data\receipts.db # SQLite database
|
||||||
|
│ ├── data\uploads\ # Uploaded receipts
|
||||||
|
│ ├── requirements.txt
|
||||||
|
│ ├── venv\
|
||||||
|
│ └── .env
|
||||||
|
│
|
||||||
|
├── data-entry-frontend\ # Data Entry Frontend (Vue.js)
|
||||||
|
│ ├── index.html
|
||||||
|
│ ├── assets\
|
||||||
|
│ └── web.config
|
||||||
|
│
|
||||||
|
├── shared\ # Shared Python modules
|
||||||
|
│ ├── auth\
|
||||||
|
│ ├── database\
|
||||||
|
│ └── utils\
|
||||||
|
│
|
||||||
|
├── logs\ # Service logs
|
||||||
│ ├── backend-stdout.log
|
│ ├── backend-stdout.log
|
||||||
│ └── backend-stderr.log
|
│ └── backend-stderr.log
|
||||||
│
|
│
|
||||||
└── backups\ # Automatic backups
|
└── backups\ # Automatic backups
|
||||||
└── backup-YYYYMMDD-HHMMSS\
|
└── backup-YYYYMMDD-HHMMSS\
|
||||||
```
|
```
|
||||||
|
|
||||||
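Review bot: In the directory tree, `data-entry-backend\data\receipts.db`, `data\uploads\`, `telegram-bot\data\telegram_bot.db` and the three `.env` files all sit under `C:\inetpub\wwwroot\roa2web\`, and the README does not say which folders IIS maps as physical paths. State that only `frontend\` and `data-entry-frontend\` are exposed by IIS, or move the databases, uploads and `.env` files outside `wwwroot`, so they can never be served as static files. The Architecture table also loses the `Reverse Proxy` row although the Network Flow still routes `/roa2web/api/*` and `/data-entry/api/*` through IIS; keep a row for it.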
@@ -294,13 +373,64 @@ For complete documentation, see:
|
|||||||
| Resource | Minimum | Recommended |
|
| Resource | Minimum | Recommended |
|
||||||
|----------|---------|-------------|
|
|----------|---------|-------------|
|
||||||
| **OS** | Windows Server 2016 | Windows Server 2019+ |
|
| **OS** | Windows Server 2016 | Windows Server 2019+ |
|
||||||
| **RAM** | 4 GB | 8 GB |
|
| **RAM** | 4 GB | 8 GB (16 GB if using OCR) |
|
||||||
| **CPU** | 2 cores | 4 cores |
|
| **CPU** | 2 cores | 4 cores |
|
||||||
| **Disk** | 10 GB free | 20 GB free |
|
| **Disk** | 10 GB free | 20 GB free |
|
||||||
| **Network** | 100 Mbps | 1 Gbps |
|
| **Network** | 100 Mbps | 1 Gbps |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## 🔍 OCR Dependencies (Data Entry App)
|
||||||
|
|
||||||
|
Data Entry App foloseste OCR pentru extragerea automata a datelor din bonuri fiscale. Pe Windows trebuie instalate manual:
|
||||||
|
|
||||||
|
### 1. Poppler (conversie PDF → imagini)
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Descarca de la: https://github.com/osborn/poppler-windows/releases
|
||||||
|
# Extrage in: C:\Program Files\poppler\
|
||||||
|
# Adauga la System PATH: C:\Program Files\poppler\Library\bin
|
||||||
|
|
||||||
|
# Verificare instalare:
|
||||||
|
pdfinfo --version
|
||||||
|
```
|
||||||
|
|
||||||
|
### 2. Tesseract OCR (engine OCR backup)
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
# Descarca installer: https://github.com/UB-Mannheim/tesseract/wiki
|
||||||
|
# Selecteaza limbile: English + Romanian
|
||||||
|
# Default path: C:\Program Files\Tesseract-OCR\
|
||||||
|
# Adauga la System PATH
|
||||||
|
|
||||||
|
# Verificare instalare:
|
||||||
|
tesseract --version
|
||||||
|
```
|
||||||
|
|
||||||
|
### 3. Python OCR Packages
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
cd C:\inetpub\wwwroot\roa2web\data-entry-backend
|
||||||
|
.\venv\Scripts\activate
|
||||||
|
|
||||||
|
pip install paddlepaddle>=2.5.0
|
||||||
|
pip install paddleocr>=2.7.0
|
||||||
|
pip install opencv-python>=4.8.0
|
||||||
|
pip install pytesseract>=0.3.10
|
||||||
|
pip install pdf2image>=1.16.0
|
||||||
|
|
||||||
|
# Restart serviciu
|
||||||
|
nssm restart ROA2WEB-DataEntry
|
||||||
|
```
|
||||||
|
|
||||||
|
### Note importante
|
||||||
|
- **PaddleOCR** descarca modele (~200MB) la prima rulare
|
||||||
|
- **RAM**: PaddleOCR necesita ~2GB RAM disponibil
|
||||||
|
- **PATH**: Dupa modificari PATH, restart serviciul backend
|
||||||
|
- **Test OCR**: `curl http://localhost:8003/api/ocr/status`
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## 🔐 Security Recommendations
|
## 🔐 Security Recommendations
|
||||||
|
|
||||||
1. **Generate Strong JWT Secret:**
|
1. **Generate Strong JWT Secret:**
|
||||||
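Review bot: Steps 1 and 2 tell the operator to download Poppler and the Tesseract installer from a GitHub releases page and a wiki without naming a version or a way to verify the file. Name the release that was tested and record its SHA-256 so the download can be checked with `Get-FileHash` before anything is extracted or run on the server. This section also repeats the OCR steps added elsewhere in this commit, including the unquoted `pip install paddlepaddle>=2.5.0` lines; link to one copy so the two cannot drift.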
@@ -353,9 +483,10 @@ For issues or questions:
|
|||||||
|
|
||||||
| Version | Date | Changes |
|
| Version | Date | Changes |
|
||||||
|---------|------|---------|
|
|---------|------|---------|
|
||||||
|
| 2.1.0 | 2025-12-18 | Added Data Entry App deployment support |
|
||||||
| 2.0.0 | 2025-01-18 | Initial Windows deployment package |
|
| 2.0.0 | 2025-01-18 | Initial Windows deployment package |
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
*ROA2WEB - Modern ERP Reports Application*
|
*ROA2WEB - Modern ERP Application (Reports + Data Entry)*
|
||||||
*Windows Server Deployment Package v2.0.0*
|
*Windows Server Deployment Package v2.1.0*
|
||||||
|
|||||||
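Review bot: The new `2.1.0` row says only "Added Data Entry App deployment support", while this commit also adds the OCR prerequisites and raises the recommended RAM; mention them in the row so the version bump in the footer is traceable to what changed.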
161
deployment/windows/config/web.config.data-entry
Normal file
@@ -0,0 +1,161 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
ROA2WEB Data Entry App - IIS Web Configuration
|
||||||
|
|
||||||
|
This configuration enables:
|
||||||
|
- SPA routing for Vue.js (all routes fallback to index.html)
|
||||||
|
- Reverse proxy for /api/* to Data Entry backend FastAPI service (localhost:8003)
|
||||||
|
- Compression and caching for optimal performance
|
||||||
|
- Security headers
|
||||||
|
|
||||||
|
Prerequisites:
|
||||||
|
- IIS URL Rewrite Module: https://www.iis.net/downloads/microsoft/url-rewrite
|
||||||
|
- IIS Application Request Routing (ARR): https://www.iis.net/downloads/microsoft/application-request-routing
|
||||||
|
|
||||||
|
This is for the Data Entry sub-application at /data-entry
|
||||||
|
-->
|
||||||
|
<configuration>
|
||||||
|
<system.webServer>
|
||||||
|
|
||||||
|
<!-- Static Content Compression -->
|
||||||
|
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
|
||||||
|
|
||||||
|
<!-- Default Document -->
|
||||||
|
<defaultDocument>
|
||||||
|
<files>
|
||||||
|
<clear />
|
||||||
|
<add value="index.html" />
|
||||||
|
</files>
|
||||||
|
</defaultDocument>
|
||||||
|
|
||||||
|
<!-- Static Content Settings -->
|
||||||
|
<staticContent>
|
||||||
|
<!-- Enable MIME types for modern web assets -->
|
||||||
|
<!-- Remove first to avoid duplicates, then add -->
|
||||||
|
<remove fileExtension=".json" />
|
||||||
|
<mimeMap fileExtension=".json" mimeType="application/json" />
|
||||||
|
<remove fileExtension=".woff" />
|
||||||
|
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
|
||||||
|
<remove fileExtension=".woff2" />
|
||||||
|
<mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
|
||||||
|
<remove fileExtension=".svg" />
|
||||||
|
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
|
||||||
|
<remove fileExtension=".webmanifest" />
|
||||||
|
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
|
||||||
|
|
||||||
|
<!-- Client-side caching for static assets -->
|
||||||
|
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
|
||||||
|
</staticContent>
|
||||||
|
|
||||||
|
<!-- Custom HTTP Headers (Security) -->
|
||||||
|
<httpProtocol>
|
||||||
|
<customHeaders>
|
||||||
|
<!-- Security Headers -->
|
||||||
|
<add name="X-Frame-Options" value="DENY" />
|
||||||
|
<add name="X-Content-Type-Options" value="nosniff" />
|
||||||
|
<add name="X-XSS-Protection" value="1; mode=block" />
|
||||||
|
<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
|
||||||
|
<add name="Permissions-Policy" value="geolocation=(), microphone=(), camera=()" />
|
||||||
|
|
||||||
|
<!-- Content Security Policy (adjust as needed) -->
|
||||||
|
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:" />
|
||||||
|
|
||||||
|
<!-- Remove Server header for security -->
|
||||||
|
<remove name="X-Powered-By" />
|
||||||
|
</customHeaders>
|
||||||
|
</httpProtocol>
|
||||||
|
|
||||||
|
<!-- URL Rewrite Rules -->
|
||||||
|
<rewrite>
|
||||||
|
<rules>
|
||||||
|
|
||||||
|
<!-- Rule 1: Force HTTPS (redirect HTTP to HTTPS) -->
|
||||||
|
<rule name="Force HTTPS" stopProcessing="true">
|
||||||
|
<match url="(.*)" />
|
||||||
|
<conditions>
|
||||||
|
<add input="{HTTPS}" pattern="off" />
|
||||||
|
</conditions>
|
||||||
|
<action type="Redirect" url="https://{HTTP_HOST}/data-entry/{R:1}" redirectType="Permanent" />
|
||||||
|
</rule>
|
||||||
|
|
||||||
|
<!-- Rule 2: Reverse Proxy for API Requests to Data Entry Backend (port 8003) -->
|
||||||
|
<rule name="Data Entry API Reverse Proxy" stopProcessing="true">
|
||||||
|
<match url="^api/(.*)" />
|
||||||
|
<action type="Rewrite" url="http://localhost:8003/api/{R:1}" />
|
||||||
|
</rule>
|
||||||
|
|
||||||
|
<!-- Rule 3: Health Check Endpoint -->
|
||||||
|
<rule name="Health Check Proxy" stopProcessing="true">
|
||||||
|
<match url="^health$" />
|
||||||
|
<action type="Rewrite" url="http://localhost:8003/health" />
|
||||||
|
</rule>
|
||||||
|
|
||||||
|
<!-- Rule 4: Don't rewrite if file exists (static assets) -->
|
||||||
|
<rule name="StaticContent" stopProcessing="true">
|
||||||
|
<match url=".*" />
|
||||||
|
<conditions>
|
||||||
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" />
|
||||||
|
</conditions>
|
||||||
|
<action type="None" />
|
||||||
|
</rule>
|
||||||
|
|
||||||
|
<!-- Rule 5: Don't rewrite if directory exists -->
|
||||||
|
<rule name="StaticDirectory" stopProcessing="true">
|
||||||
|
<match url=".*" />
|
||||||
|
<conditions>
|
||||||
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
|
||||||
|
</conditions>
|
||||||
|
<action type="None" />
|
||||||
|
</rule>
|
||||||
|
|
||||||
|
<!-- Rule 6: SPA Routing - Rewrite all other requests to index.html -->
|
||||||
|
<rule name="SPA Fallback" stopProcessing="true">
|
||||||
|
<match url=".*" />
|
||||||
|
<conditions logicalGrouping="MatchAll">
|
||||||
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||||
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
|
||||||
|
<add input="{REQUEST_URI}" pattern="^/data-entry/api" negate="true" />
|
||||||
|
</conditions>
|
||||||
|
<action type="Rewrite" url="index.html" />
|
||||||
|
</rule>
|
||||||
|
|
||||||
|
</rules>
|
||||||
|
|
||||||
|
<!-- Outbound Rules (optional - for modifying responses) -->
|
||||||
|
<outboundRules>
|
||||||
|
<rule name="Add HSTS Header" preCondition="IsHTTPS">
|
||||||
|
<match serverVariable="RESPONSE_Strict-Transport-Security" pattern=".*" />
|
||||||
|
<action type="Rewrite" value="max-age=31536000; includeSubDomains" />
|
||||||
|
</rule>
|
||||||
|
<preConditions>
|
||||||
|
<preCondition name="IsHTTPS">
|
||||||
|
<add input="{HTTPS}" pattern="on" />
|
||||||
|
</preCondition>
|
||||||
|
</preConditions>
|
||||||
|
</outboundRules>
|
||||||
|
</rewrite>
|
||||||
|
|
||||||
|
<!-- Error Pages -->
|
||||||
|
<!-- Use Auto to pass through backend API errors unchanged (JSON) while still handling IIS errors -->
|
||||||
|
<httpErrors errorMode="Custom" existingResponse="Auto">
|
||||||
|
<!-- 404 - Not Found: Serve index.html for SPA routing -->
|
||||||
|
<remove statusCode="404" subStatusCode="-1" />
|
||||||
|
<error statusCode="404" path="index.html" responseMode="ExecuteURL" />
|
||||||
|
|
||||||
|
<!-- 500 - Internal Server Error -->
|
||||||
|
<remove statusCode="500" subStatusCode="-1" />
|
||||||
|
<error statusCode="500" path="index.html" responseMode="ExecuteURL" />
|
||||||
|
</httpErrors>
|
||||||
|
|
||||||
|
<!-- Disable directory browsing -->
|
||||||
|
<directoryBrowse enabled="false" />
|
||||||
|
|
||||||
|
</system.webServer>
|
||||||
|
|
||||||
|
<!-- System.web for ASP.NET settings (if needed) -->
|
||||||
|
<system.web>
|
||||||
|
<compilation debug="false" targetFramework="4.8" />
|
||||||
|
<httpRuntime targetFramework="4.8" maxRequestLength="10240" executionTimeout="300" />
|
||||||
|
</system.web>
|
||||||
|
|
||||||
|
</configuration>
|
||||||
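Review bot: The `Content-Security-Policy` value allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src` and any `ws:`/`wss:` host in `connect-src`, which removes most of the protection the header is meant to give; a built Vue.js SPA normally needs neither, so try `script-src 'self'` and restrict `connect-src` to `'self'`. The comment "Remove Server header for security" sits above `<remove name="X-Powered-By" />`, which does not touch the `Server` header, so fix the comment or the rule. `cacheControlMaxAge="365.00:00:00"` applies to `index.html` as well as to hashed assets, so clients can keep a stale SPA shell for a year; exclude `index.html` from the long max-age. Finally, confirm by test that a backend 404 or 500 with a JSON body reaches the client unchanged under `errorMode="Custom" existingResponse="Auto"`, because the two `<error ... path="index.html" responseMode="ExecuteURL" />` mappings would otherwise answer API failures with the SPA page.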