Initial commit: ROA2WEB - FastAPI + Vue.js + Telegram Bot
Modern ERP Reports Application with microservices architecture Tech Stack: - Backend: FastAPI + python-oracledb (Oracle DB integration) - Frontend: Vue.js 3 + PrimeVue + Vite - Telegram Bot: python-telegram-bot + SQLite - Infrastructure: Shared database pool, JWT authentication, SSH tunnel Features: - FastAPI backend with async Oracle connection pool - Vue.js 3 responsive frontend with PrimeVue components - Telegram bot alternative interface - Microservices architecture with shared components - Complete deployment support (Linux Docker + Windows IIS) - Comprehensive testing (Playwright E2E + pytest) Repository Structure: - reports-app/ - Main application (backend, frontend, telegram-bot) - shared/ - Shared components (database pool, auth, utils) - deployment/ - Deployment scripts (Linux & Windows) - docs/ - Project documentation - security/ - Security scanning and git hooks
158
deployment/windows/config/web.config
Normal file
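--- a/deployment/windows/config/web.config
+++ b/deployment/windows/config/web.config
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ROA2WEB - IIS Web Configuration
+
+This configuration enables:
+- SPA routing for Vue.js (all routes fallback to index.html)
+- Reverse proxy for /api/* to backend FastAPI service (localhost:8000)
+- Compression and caching for optimal performance
+- Security headers
+
+Prerequisites:
+- IIS URL Rewrite Module: https://www.iis.net/downloads/microsoft/url-rewrite
+- IIS Application Request Routing (ARR): https://www.iis.net/downloads/microsoft/application-request-routing
+-->
+<configuration>
+<system.webServer>
+
+<!-- Static Content Compression -->
+<urlCompression doStaticCompression="true" doDynamicCompression="true" />
+
+<!-- Default Document -->
+<defaultDocument>
+<files>
+<clear />
+<add value="index.html" />
+</files>
+</defaultDocument>
+
+<!-- Static Content Settings -->
+<staticContent>
+<!-- Enable MIME types for modern web assets -->
+<!-- Remove first to avoid duplicates, then add -->
+<remove fileExtension=".json" />
+<mimeMap fileExtension=".json" mimeType="application/json" />
+<remove fileExtension=".woff" />
+<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
+<remove fileExtension=".woff2" />
+<mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
+<remove fileExtension=".svg" />
+<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
+<remove fileExtension=".webmanifest" />
+<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
+
+<!-- Client-side caching for static assets -->
+<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
+</staticContent>
+
+<!-- Custom HTTP Headers (Security) -->
+<httpProtocol>
+<customHeaders>
+<!-- Security Headers -->
+<add name="X-Frame-Options" value="DENY" />
+<add name="X-Content-Type-Options" value="nosniff" />
+<add name="X-XSS-Protection" value="1; mode=block" />
+<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
+<add name="Permissions-Policy" value="geolocation=(), microphone=(), camera=()" />
+
+<!-- Content Security Policy (adjust as needed) -->
+<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:" />
+
+<!-- Remove Server header for security -->
+<remove name="X-Powered-By" />
+</customHeaders>
+</httpProtocol>
+
+<!-- URL Rewrite Rules -->
+<rewrite>
+<rules>
+
+<!-- Rule 1: Force HTTPS (redirect HTTP to HTTPS) -->
+<rule name="Force HTTPS" stopProcessing="true">
+<match url="(.*)" />
+<conditions>
+<add input="{HTTPS}" pattern="off" />
+</conditions>
+<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
+</rule>
+
+<!-- Rule 2: Reverse Proxy for API Requests -->
+<rule name="API Reverse Proxy" stopProcessing="true">
+<match url="^api/(.*)" />
+<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
+</rule>
+
+<!-- Rule 3: Health Check Endpoint -->
+<rule name="Health Check Proxy" stopProcessing="true">
+<match url="^health$" />
+<action type="Rewrite" url="http://localhost:8000/health" />
+</rule>
+
+<!-- Rule 4: Don't rewrite if file exists (static assets) -->
+<rule name="StaticContent" stopProcessing="true">
+<match url=".*" />
+<conditions>
+<add input="{REQUEST_FILENAME}" matchType="IsFile" />
+</conditions>
+<action type="None" />
+</rule>
+
+<!-- Rule 5: Don't rewrite if directory exists -->
+<rule name="StaticDirectory" stopProcessing="true">
+<match url=".*" />
+<conditions>
+<add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
+</conditions>
+<action type="None" />
+</rule>
+
+<!-- Rule 6: SPA Routing - Rewrite all other requests to index.html -->
+<rule name="SPA Fallback" stopProcessing="true">
+<match url=".*" />
+<conditions logicalGrouping="MatchAll">
+<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
+<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
+<add input="{REQUEST_URI}" pattern="^/api" negate="true" />
+</conditions>
+<action type="Rewrite" url="index.html" />
+</rule>
+
+</rules>
+
+<!-- Outbound Rules (optional - for modifying responses) -->
+<outboundRules>
+<rule name="Add HSTS Header" preCondition="IsHTTPS">
+<match serverVariable="RESPONSE_Strict-Transport-Security" pattern=".*" />
+<action type="Rewrite" value="max-age=31536000; includeSubDomains" />
+</rule>
+<preConditions>
+<preCondition name="IsHTTPS">
+<add input="{HTTPS}" pattern="on" />
+</preCondition>
+</preConditions>
+</outboundRules>
+</rewrite>
+
+<!-- Error Pages -->
+<httpErrors errorMode="Custom" existingResponse="Replace">
+<!-- 404 - Not Found: Serve index.html for SPA routing -->
+<remove statusCode="404" subStatusCode="-1" />
+<error statusCode="404" path="index.html" responseMode="ExecuteURL" />
+
+<!-- 500 - Internal Server Error -->
+<remove statusCode="500" subStatusCode="-1" />
+<error statusCode="500" path="index.html" responseMode="ExecuteURL" />
+</httpErrors>
+
+<!-- Disable directory browsing -->
+<directoryBrowse enabled="false" />
+
+</system.webServer>
+
+<!-- System.web for ASP.NET settings (if needed) -->
+<system.web>
+<compilation debug="false" targetFramework="4.8" />
+<httpRuntime targetFramework="4.8" maxRequestLength="10240" executionTimeout="300" />
+</system.web>
+
+</configuration>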
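Review bot: The `Content-Security-Policy` value in `<customHeaders>` allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, which removes most of the protection CSP gives against injected script, and `connect-src 'self' ws: wss:` permits WebSocket connections to any host. A production Vite build of a Vue 3 app normally does not need eval, so (assuming no runtime template compilation) the header could be tightened to `script-src 'self'` and `connect-src 'self'`, with a comment stating why any remaining relaxation is required. The comment `<!-- Remove Server header for security -->` sits above `<remove name="X-Powered-By" />`, which does not touch the `Server` header; reword it to `<!-- Remove X-Powered-By header -->`. Separately, `<httpErrors errorMode="Custom" existingResponse="Replace">` also applies to responses proxied from the FastAPI backend, so API error bodies would likely be replaced by IIS pages or `index.html`; `existingResponse="Auto"` or `PassThrough` should be confirmed against the API's error handling.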