chore: Remove obsolete microservices directories and update all references
- Delete data-entry-app/ (1.6GB), reports-app/ (447MB), .auto-build-data/
- Saved ~1.4GB disk space (64% reduction: 2.2GB → 845MB)
Updated references across 38 files:
- .claude/rules/ paths: backend/modules/, src/modules/
- .claude/commands/validate.md: all validation paths
- docs/ (13 files): data-entry, telegram, README, CLAUDE.md
- scripts/ (3 files): backup-secrets, restore-secrets, test-docker
- security/ (2 files): git_cleanup, SECURITY_PROCEDURES
- deployment/ & shared/: updated all stale comments
All paths now reflect ultrathin monolith architecture:
- Backend: backend/modules/{reports,data_entry,telegram}/
- Frontend: src/modules/{reports,data-entry}/
- Shared: shared/{auth,database,routes}/
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
240
deployment/windows/config/README-WEB-CONFIG.md
Normal file
240
deployment/windows/config/README-WEB-CONFIG.md
Normal file
@@ -0,0 +1,240 @@
|
||||
# web.config Files - Which Goes Where?
|
||||
|
||||
## ⚠️ IMPORTANT - Read Before Deployment!
|
||||
|
||||
ROA2WEB uses a **2-tier IIS architecture** with **2 different web.config files** for **2 different servers**.
|
||||
|
||||
---
|
||||
|
||||
## Architecture Overview
|
||||
|
||||
```
|
||||
Internet
|
||||
↓
|
||||
Public Server (10.0.20.122) - roa2web.romfast.ro
|
||||
↓ HTTPS reverse proxy
|
||||
Internal Server (10.0.20.36) - application host
|
||||
↓ API proxy to localhost
|
||||
Backend Service (localhost:8000 on 10.0.20.36)
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## File Mapping
|
||||
|
||||
### File: `web.config.10.0.20.122-PUBLIC`
|
||||
|
||||
**Server**: 10.0.20.122 (Public IIS - roa2web.romfast.ro)
|
||||
**Role**: Public gateway, reverse proxy to internal server
|
||||
|
||||
**Purpose**:
|
||||
- Proxies ALL requests to `https://10.0.20.36/{REQUEST_PATH}`
|
||||
- Sets forwarding headers (`X-Forwarded-Proto`, `X-Forwarded-Host`, `X-Real-IP`)
|
||||
- Redirects root `/` to `/roa2web/`
|
||||
|
||||
**Key Rule**:
|
||||
```xml
|
||||
<match url="(.*)" />
|
||||
<action type="Rewrite" url="https://10.0.20.36/{R:1}" />
|
||||
```
|
||||
|
||||
**Deployment Location**:
|
||||
```
|
||||
10.0.20.122:
|
||||
C:\inetpub\wwwroot\[ROOT]\web.config
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### File: `web.config.10.0.20.36-INTERNAL`
|
||||
|
||||
**Server**: 10.0.20.36 (Internal IIS - application host)
|
||||
**Role**: Serves frontend, proxies API to localhost backend
|
||||
|
||||
**Purpose**:
|
||||
- Serves Vue.js frontend static files
|
||||
- Proxies `/roa2web/api/*` to `http://localhost:8000/api/*`
|
||||
- Proxies `/roa2web/uploads/*` to `http://localhost:8000/uploads/*`
|
||||
- SPA fallback for client-side routing
|
||||
|
||||
**Key Rules**:
|
||||
```xml
|
||||
<match url="^roa2web/api/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
|
||||
|
||||
<match url="^roa2web/uploads/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/uploads/{R:1}" />
|
||||
|
||||
<match url="^roa2web/.*" />
|
||||
<action type="Rewrite" url="/roa2web/index.html" />
|
||||
```
|
||||
|
||||
**Deployment Location**:
|
||||
```
|
||||
10.0.20.36:
|
||||
C:\inetpub\wwwroot\roa2web\web.config
|
||||
```
|
||||
|
||||
**Note**: This file is also in `public/web.config` (repository root) and is automatically copied to `dist/` during Vite build.
|
||||
|
||||
---
|
||||
|
||||
## Deployment Checklist
|
||||
|
||||
### ✅ Public Server (10.0.20.122)
|
||||
|
||||
```powershell
|
||||
# Copy public server config
|
||||
Copy-Item deployment/windows/config/web.config.10.0.20.122-PUBLIC `
|
||||
C:\inetpub\wwwroot\[ROOT]\web.config
|
||||
|
||||
# Verify
|
||||
Get-Content C:\inetpub\wwwroot\[ROOT]\web.config | Select-String "10.0.20.36"
|
||||
```
|
||||
|
||||
**Expected**: Should see `url="https://10.0.20.36/{R:1}"`
|
||||
|
||||
### ✅ Internal Server (10.0.20.36)
|
||||
|
||||
**Option A: From built dist/ (recommended)**:
|
||||
```powershell
|
||||
# After building frontend with `npm run build`
|
||||
# web.config is automatically in dist/
|
||||
|
||||
# Deploy entire dist/ folder
|
||||
Copy-Item dist\* C:\inetpub\wwwroot\roa2web\ -Recurse -Force
|
||||
```
|
||||
|
||||
**Option B: Manual copy**:
|
||||
```powershell
|
||||
# Copy internal server config
|
||||
Copy-Item deployment/windows/config/web.config.10.0.20.36-INTERNAL `
|
||||
C:\inetpub\wwwroot\roa2web\web.config
|
||||
|
||||
# Verify
|
||||
Get-Content C:\inetpub\wwwroot\roa2web\web.config | Select-String "roa2web/api"
|
||||
```
|
||||
|
||||
**Expected**: Should see `url="^roa2web/api/(.*)"` and `url="http://localhost:8000/api/{R:1}"`
|
||||
|
||||
---
|
||||
|
||||
## Verification
|
||||
|
||||
### Test Public Server (10.0.20.122)
|
||||
|
||||
```powershell
|
||||
# Should proxy to internal server
|
||||
Invoke-WebRequest https://roa2web.romfast.ro/roa2web/ -UseBasicParsing
|
||||
|
||||
# Check response headers
|
||||
(Invoke-WebRequest https://roa2web.romfast.ro/roa2web/).Headers
|
||||
```
|
||||
|
||||
**Expected**: Request should be proxied to 10.0.20.36
|
||||
|
||||
### Test Internal Server (10.0.20.36)
|
||||
|
||||
```powershell
|
||||
# Test backend directly
|
||||
Invoke-WebRequest http://localhost:8000/health
|
||||
|
||||
# Test through IIS proxy
|
||||
Invoke-WebRequest https://localhost/roa2web/api/health
|
||||
|
||||
# Test frontend
|
||||
Invoke-WebRequest https://localhost/roa2web/
|
||||
```
|
||||
|
||||
**Expected**: All should return 200 OK
|
||||
|
||||
---
|
||||
|
||||
## Common Mistakes ❌
|
||||
|
||||
### ❌ WRONG: Using internal config on public server
|
||||
|
||||
```xml
|
||||
<!-- On 10.0.20.122 - WRONG! -->
|
||||
<match url="^roa2web/api/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
|
||||
```
|
||||
|
||||
**Problem**: Public server doesn't have backend on localhost:8000
|
||||
|
||||
### ❌ WRONG: Using public config on internal server
|
||||
|
||||
```xml
|
||||
<!-- On 10.0.20.36 - WRONG! -->
|
||||
<match url="(.*)" />
|
||||
<action type="Rewrite" url="https://10.0.20.36/{R:1}" />
|
||||
```
|
||||
|
||||
**Problem**: Creates infinite redirect loop
|
||||
|
||||
### ❌ WRONG: Missing /roa2web/ prefix on internal server
|
||||
|
||||
```xml
|
||||
<!-- On 10.0.20.36 - WRONG! -->
|
||||
<match url="^api/(.*)" /> <!-- Missing roa2web prefix! -->
|
||||
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
|
||||
```
|
||||
|
||||
**Problem**: Requests come as `/roa2web/api/...` from public server, so `^api/` won't match
|
||||
|
||||
---
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Issue: 404 on API calls
|
||||
|
||||
**Symptom**: Frontend loads but API returns 404
|
||||
|
||||
**Check**: web.config on 10.0.20.36
|
||||
|
||||
```powershell
|
||||
# On 10.0.20.36
|
||||
Get-Content C:\inetpub\wwwroot\roa2web\web.config | Select-String "roa2web/api"
|
||||
```
|
||||
|
||||
**Fix**: Update to correct internal server config (see above)
|
||||
|
||||
### Issue: Infinite redirect loop
|
||||
|
||||
**Symptom**: Browser shows "Too many redirects"
|
||||
|
||||
**Check**: Verify you didn't put public config on internal server
|
||||
|
||||
### Issue: Backend not reachable
|
||||
|
||||
**Symptom**: 502 Bad Gateway on API calls
|
||||
|
||||
**Check**: Backend service on 10.0.20.36
|
||||
|
||||
```powershell
|
||||
# On 10.0.20.36
|
||||
Get-Service ROA2WEB-Backend
|
||||
Invoke-WebRequest http://localhost:8000/health
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Quick Reference
|
||||
|
||||
| Server | IP | Config File | Key Pattern | Proxies To |
|
||||
|--------|----|----|-------------|------------|
|
||||
| **Public** | 10.0.20.122 | `web.config.10.0.20.122-PUBLIC` | `url="(.*)"` | `https://10.0.20.36/{R:1}` |
|
||||
| **Internal** | 10.0.20.36 | `web.config.10.0.20.36-INTERNAL` | `url="^roa2web/api/(.*)"` | `http://localhost:8000/api/{R:1}` |
|
||||
|
||||
---
|
||||
|
||||
## Documentation
|
||||
|
||||
For complete architecture details, see:
|
||||
- `deployment/windows/docs/TWO-TIER-IIS-DEPLOYMENT.md`
|
||||
- `DIAGNOSIS-2025-12-30.md`
|
||||
|
||||
---
|
||||
|
||||
*Last Updated: 2025-12-30*
|
||||
*ROA2WEB Deployment Configuration Guide*
|
||||
38
deployment/windows/config/web.config.10.0.20.122-PUBLIC
Normal file
38
deployment/windows/config/web.config.10.0.20.122-PUBLIC
Normal file
@@ -0,0 +1,38 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
====================================================================
|
||||
ROA2WEB - Public IIS Server Configuration
|
||||
====================================================================
|
||||
Server: 10.0.20.122 (roa2web.romfast.ro)
|
||||
Role: Public gateway / reverse proxy
|
||||
|
||||
This web.config ONLY goes on the PUBLIC server (10.0.20.122).
|
||||
It proxies all requests to the internal application server (10.0.20.36).
|
||||
|
||||
⚠️ DO NOT use this config on 10.0.20.36!
|
||||
====================================================================
|
||||
-->
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<rewrite>
|
||||
<rules>
|
||||
<!-- Redirect root to /roa2web/ -->
|
||||
<rule name="Root to ROA2WEB" stopProcessing="true">
|
||||
<match url="^$" />
|
||||
<action type="Redirect" url="/roa2web/" redirectType="Permanent" />
|
||||
</rule>
|
||||
|
||||
<!-- Reverse Proxy to internal application server -->
|
||||
<rule name="ROA2WEB Reverse Proxy to HTTPS Backend" stopProcessing="true">
|
||||
<match url="(.*)" />
|
||||
<action type="Rewrite" url="https://10.0.20.36/{R:1}" />
|
||||
<serverVariables>
|
||||
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
|
||||
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
|
||||
<set name="HTTP_X_REAL_IP" value="{REMOTE_ADDR}" />
|
||||
</serverVariables>
|
||||
</rule>
|
||||
</rules>
|
||||
</rewrite>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
59
deployment/windows/config/web.config.10.0.20.36-INTERNAL
Normal file
59
deployment/windows/config/web.config.10.0.20.36-INTERNAL
Normal file
@@ -0,0 +1,59 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!--
|
||||
====================================================================
|
||||
ROA2WEB - Internal Application Server Configuration
|
||||
====================================================================
|
||||
Server: 10.0.20.36 (internal application server)
|
||||
Role: Application host + API proxy to localhost backend
|
||||
|
||||
This web.config ONLY goes on the INTERNAL server (10.0.20.36).
|
||||
It serves the frontend and proxies API calls to localhost:8000.
|
||||
|
||||
Location: C:\inetpub\wwwroot\roa2web\web.config (on 10.0.20.36)
|
||||
|
||||
⚠️ DO NOT use this config on 10.0.20.122 (public server)!
|
||||
====================================================================
|
||||
-->
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<rewrite>
|
||||
<rules>
|
||||
<!-- Proxy API requests to unified backend on localhost -->
|
||||
<rule name="Proxy Unified API" stopProcessing="true">
|
||||
<match url="^roa2web/api/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
|
||||
</rule>
|
||||
|
||||
<!-- Proxy uploads to unified backend on localhost -->
|
||||
<rule name="Proxy Uploads" stopProcessing="true">
|
||||
<match url="^roa2web/uploads/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/uploads/{R:1}" />
|
||||
</rule>
|
||||
|
||||
<!-- SPA fallback - all other routes serve index.html -->
|
||||
<rule name="SPA Fallback" stopProcessing="true">
|
||||
<match url="^roa2web/.*" />
|
||||
<conditions logicalGrouping="MatchAll">
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
|
||||
</conditions>
|
||||
<action type="Rewrite" url="/roa2web/index.html" />
|
||||
</rule>
|
||||
</rules>
|
||||
</rewrite>
|
||||
|
||||
<!-- Static content configuration -->
|
||||
<staticContent>
|
||||
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
|
||||
<mimeMap fileExtension=".js" mimeType="application/javascript" />
|
||||
<mimeMap fileExtension=".json" mimeType="application/json" />
|
||||
</staticContent>
|
||||
|
||||
<!-- Client cache for static assets (1 year) -->
|
||||
<httpProtocol>
|
||||
<customHeaders>
|
||||
<add name="Cache-Control" value="public, max-age=31536000" />
|
||||
</customHeaders>
|
||||
</httpProtocol>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
@@ -826,7 +826,7 @@ CREATE TABLE telegram_sessions (
|
||||
## Support
|
||||
|
||||
**Documentation**:
|
||||
- Project README: `/mnt/e/proiecte/roa2web/roa2web/reports-app/telegram-bot/README.md`
|
||||
- Project README: `/mnt/e/proiecte/roa2web/roa2web/backend/modules/telegram/README.md`
|
||||
- Progress Tracker: `/mnt/e/proiecte/roa2web/roa2web/development/TELEGRAM_BOT_PROGRESS.md`
|
||||
- Production Deployment Plan: `/mnt/e/proiecte/roa2web/roa2web/development/TELEGRAM_BOT_PRODUCTION_DEPLOYMENT.md`
|
||||
|
||||
|
||||
435
deployment/windows/docs/TWO-TIER-IIS-DEPLOYMENT.md
Normal file
435
deployment/windows/docs/TWO-TIER-IIS-DEPLOYMENT.md
Normal file
@@ -0,0 +1,435 @@
|
||||
# Two-Tier IIS Deployment Architecture
|
||||
|
||||
## Overview
|
||||
|
||||
ROA2WEB uses a **2-tier IIS architecture** for production deployment:
|
||||
|
||||
```
|
||||
Internet
|
||||
↓
|
||||
Public IIS Server (roa2web.romfast.ro)
|
||||
↓ HTTPS reverse proxy
|
||||
Internal IIS Server (10.0.20.36)
|
||||
↓ API proxy
|
||||
Backend Service (localhost:8000)
|
||||
↓
|
||||
Oracle Database
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Architecture Components
|
||||
|
||||
### Tier 1: Public IIS Server (Edge/Gateway)
|
||||
|
||||
**Hostname**: `roa2web.romfast.ro`
|
||||
**IP Address**: `10.0.20.122`
|
||||
**Role**: Public-facing reverse proxy
|
||||
**Location**: DMZ/Public network
|
||||
|
||||
**Responsibilities**:
|
||||
- SSL/TLS termination (HTTPS)
|
||||
- Reverse proxy to internal server
|
||||
- Security headers
|
||||
- Public DNS endpoint
|
||||
|
||||
**Configuration** (`web.config` pe serverul 10.0.20.122):
|
||||
|
||||
```xml
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<rewrite>
|
||||
<rules>
|
||||
<!-- Redirect root to /roa2web/ -->
|
||||
<rule name="Root to ROA2WEB" stopProcessing="true">
|
||||
<match url="^$" />
|
||||
<action type="Redirect" url="/roa2web/" redirectType="Permanent" />
|
||||
</rule>
|
||||
|
||||
<!-- Reverse Proxy to internal server -->
|
||||
<rule name="ROA2WEB Reverse Proxy to HTTPS Backend" stopProcessing="true">
|
||||
<match url="(.*)" />
|
||||
<action type="Rewrite" url="https://10.0.20.36/{R:1}" />
|
||||
<serverVariables>
|
||||
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
|
||||
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
|
||||
<set name="HTTP_X_REAL_IP" value="{REMOTE_ADDR}" />
|
||||
</serverVariables>
|
||||
</rule>
|
||||
</rules>
|
||||
</rewrite>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
```
|
||||
|
||||
**Key Features**:
|
||||
- Root redirect: `https://roa2web.romfast.ro/` → `https://roa2web.romfast.ro/roa2web/`
|
||||
- All requests proxied to: `https://10.0.20.36/{REQUEST_PATH}`
|
||||
- Forwards client IP and protocol headers
|
||||
|
||||
---
|
||||
|
||||
### Tier 2: Internal IIS Server (Application Server)
|
||||
|
||||
**IP Address**: `10.0.20.36`
|
||||
**Role**: Application host + API proxy
|
||||
**Location**: Internal network
|
||||
|
||||
**Responsibilities**:
|
||||
- Serve Vue.js frontend static files
|
||||
- Proxy API requests to backend service
|
||||
- Handle uploads
|
||||
- IIS sub-application at `/roa2web`
|
||||
|
||||
**Configuration** (`web.config` pe serverul 10.0.20.36 - `C:\inetpub\wwwroot\roa2web\web.config`):
|
||||
|
||||
```xml
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<configuration>
|
||||
<system.webServer>
|
||||
<rewrite>
|
||||
<rules>
|
||||
<!-- Proxy all API requests to unified backend -->
|
||||
<rule name="Proxy Unified API" stopProcessing="true">
|
||||
<match url="^roa2web/api/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
|
||||
</rule>
|
||||
|
||||
<!-- Proxy uploads to unified backend -->
|
||||
<rule name="Proxy Uploads" stopProcessing="true">
|
||||
<match url="^roa2web/uploads/(.*)" />
|
||||
<action type="Rewrite" url="http://localhost:8000/uploads/{R:1}" />
|
||||
</rule>
|
||||
|
||||
<!-- SPA fallback - all other routes serve index.html -->
|
||||
<rule name="SPA Fallback" stopProcessing="true">
|
||||
<match url="^roa2web/.*" />
|
||||
<conditions logicalGrouping="MatchAll">
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
||||
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
|
||||
</conditions>
|
||||
<action type="Rewrite" url="/roa2web/index.html" />
|
||||
</rule>
|
||||
</rules>
|
||||
</rewrite>
|
||||
|
||||
<!-- Static content configuration -->
|
||||
<staticContent>
|
||||
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
|
||||
<mimeMap fileExtension=".js" mimeType="application/javascript" />
|
||||
<mimeMap fileExtension=".json" mimeType="application/json" />
|
||||
</staticContent>
|
||||
|
||||
<!-- Client cache for static assets (1 year) -->
|
||||
<httpProtocol>
|
||||
<customHeaders>
|
||||
<add name="Cache-Control" value="public, max-age=31536000" />
|
||||
</customHeaders>
|
||||
</httpProtocol>
|
||||
</system.webServer>
|
||||
</configuration>
|
||||
```
|
||||
|
||||
**CRITICAL**: The internal server web.config must handle the `/roa2web/` prefix since requests arrive as:
|
||||
- `https://10.0.20.36/roa2web/api/auth/login` (NOT `/api/auth/login`)
|
||||
|
||||
---
|
||||
|
||||
### Backend Service (FastAPI)
|
||||
|
||||
**Host**: `localhost` (internal server)
|
||||
**Port**: `8000`
|
||||
**Type**: Windows Service (NSSM)
|
||||
**Name**: `ROA2WEB-Backend`
|
||||
|
||||
**Configuration** (`.env`):
|
||||
```env
|
||||
HOST=127.0.0.1
|
||||
PORT=8000
|
||||
ENVIRONMENT=production
|
||||
```
|
||||
|
||||
**Base Path**: `/api` (NOT `/roa2web/api`)
|
||||
|
||||
The backend serves:
|
||||
- `/api/auth/login`
|
||||
- `/api/companies`
|
||||
- `/api/calendar`
|
||||
- etc.
|
||||
|
||||
---
|
||||
|
||||
## Request Flow Example
|
||||
|
||||
### Login Request Flow
|
||||
|
||||
1. **Client Browser** → `POST https://roa2web.romfast.ro/roa2web/api/auth/login`
|
||||
|
||||
2. **Public IIS** (roa2web.romfast.ro):
|
||||
- Receives: `/roa2web/api/auth/login`
|
||||
- Proxies to: `https://10.0.20.36/roa2web/api/auth/login`
|
||||
- Sets headers: `X-Forwarded-Proto: https`, `X-Forwarded-Host: roa2web.romfast.ro`
|
||||
|
||||
3. **Internal IIS** (10.0.20.36):
|
||||
- Receives: `/roa2web/api/auth/login`
|
||||
- Matches rule: `^roa2web/api/(.*)`
|
||||
- Extracts: `auth/login`
|
||||
- Proxies to: `http://localhost:8000/api/auth/login`
|
||||
|
||||
4. **Backend Service** (localhost:8000):
|
||||
- Receives: `/api/auth/login`
|
||||
- Processes request
|
||||
- Returns response
|
||||
|
||||
---
|
||||
|
||||
## Frontend Configuration
|
||||
|
||||
### Vite Build Configuration (`vite.config.js`)
|
||||
|
||||
```javascript
|
||||
export default defineConfig({
|
||||
// Base path for IIS sub-application
|
||||
base: process.env.NODE_ENV === 'production' ? '/roa2web/' : '/',
|
||||
|
||||
// Development proxy (NOT used in production)
|
||||
server: {
|
||||
proxy: {
|
||||
'/api': {
|
||||
target: 'http://localhost:8000',
|
||||
changeOrigin: true
|
||||
}
|
||||
}
|
||||
}
|
||||
})
|
||||
```
|
||||
|
||||
**IMPORTANT**: In production, `base: '/roa2web/'` ensures:
|
||||
- All asset paths: `/roa2web/assets/...`
|
||||
- Router base: `/roa2web/`
|
||||
- API calls: `/roa2web/api/...` (via axios baseURL)
|
||||
|
||||
### API Service Configuration (`src/App.vue`)
|
||||
|
||||
```javascript
|
||||
const authApi = axios.create({
|
||||
baseURL: import.meta.env.BASE_URL + 'api', // Results in: '/roa2web/api'
|
||||
headers: { 'Content-Type': 'application/json' }
|
||||
})
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Common Issues & Troubleshooting
|
||||
|
||||
### Issue: 404 on API calls
|
||||
|
||||
**Symptoms**:
|
||||
- Frontend loads correctly
|
||||
- API calls return 404
|
||||
- Browser console: `POST https://roa2web.romfast.ro/roa2web/api/auth/login 404`
|
||||
|
||||
**Possible Causes**:
|
||||
|
||||
1. **Internal server web.config missing `/roa2web/` prefix in match rules**
|
||||
|
||||
❌ **WRONG**:
|
||||
```xml
|
||||
<match url="^api/(.*)" />
|
||||
```
|
||||
|
||||
✅ **CORRECT**:
|
||||
```xml
|
||||
<match url="^roa2web/api/(.*)" />
|
||||
```
|
||||
|
||||
2. **Backend service not running**
|
||||
|
||||
Check on internal server (10.0.20.36):
|
||||
```powershell
|
||||
Get-Service ROA2WEB-Backend
|
||||
Invoke-WebRequest http://localhost:8000/health
|
||||
```
|
||||
|
||||
3. **IIS ARR not enabled**
|
||||
|
||||
On internal server (10.0.20.36):
|
||||
```powershell
|
||||
# Install ARR
|
||||
Install-WindowsFeature -Name Web-ARR
|
||||
|
||||
# Enable proxy
|
||||
Set-WebConfigurationProperty -PSPath "MACHINE/WEBROOT/APPHOST" `
|
||||
-Filter "system.webServer/proxy" `
|
||||
-Name "enabled" `
|
||||
-Value "True"
|
||||
```
|
||||
|
||||
4. **IIS sub-application not configured at `/roa2web`**
|
||||
|
||||
The frontend must be deployed as IIS sub-application at path `/roa2web`, NOT as root site.
|
||||
|
||||
### Issue: Frontend loads but shows blank page
|
||||
|
||||
**Symptoms**:
|
||||
- Browser shows white screen
|
||||
- Console error: `Failed to load module script`
|
||||
- Assets return 404
|
||||
|
||||
**Solution**: Check `base` in `vite.config.js` matches IIS sub-application path.
|
||||
|
||||
### Issue: CORS errors
|
||||
|
||||
**Symptoms**:
|
||||
- API calls blocked by CORS policy
|
||||
- Console: `Access-Control-Allow-Origin` error
|
||||
|
||||
**Solution**: Backend should see requests as same-origin (via IIS proxy), so CORS shouldn't apply. If you see CORS errors, the proxy is misconfigured.
|
||||
|
||||
---
|
||||
|
||||
## Deployment Checklist
|
||||
|
||||
### Public Server (roa2web.romfast.ro)
|
||||
|
||||
- [ ] SSL certificate installed and valid
|
||||
- [ ] IIS ARR (Application Request Routing) installed
|
||||
- [ ] web.config configured with reverse proxy to 10.0.20.36
|
||||
- [ ] Server variables enabled in IIS
|
||||
- [ ] Firewall allows HTTPS outbound to 10.0.20.36
|
||||
|
||||
### Internal Server (10.0.20.36)
|
||||
|
||||
- [ ] IIS installed and running
|
||||
- [ ] IIS ARR installed
|
||||
- [ ] IIS URL Rewrite module installed
|
||||
- [ ] Sub-application created at `/roa2web`
|
||||
- [ ] Frontend files deployed to `C:\inetpub\wwwroot\roa2web\`
|
||||
- [ ] web.config includes `/roa2web/` prefix in match rules
|
||||
- [ ] Backend service (ROA2WEB-Backend) running
|
||||
- [ ] Backend accessible at `http://localhost:8000/health`
|
||||
- [ ] Firewall allows HTTPS inbound from public server
|
||||
|
||||
### Backend Service
|
||||
|
||||
- [ ] Windows Service created (NSSM)
|
||||
- [ ] Service set to auto-start
|
||||
- [ ] `.env` configured with correct Oracle credentials
|
||||
- [ ] Logs directory exists and writable
|
||||
- [ ] Health check returns 200 OK
|
||||
|
||||
---
|
||||
|
||||
## Testing Procedure
|
||||
|
||||
### 1. Test Backend Directly (on 10.0.20.36)
|
||||
|
||||
```powershell
|
||||
# Health check
|
||||
Invoke-WebRequest http://localhost:8000/health
|
||||
|
||||
# API test (without auth)
|
||||
Invoke-WebRequest http://localhost:8000/api/health
|
||||
```
|
||||
|
||||
### 2. Test Internal IIS Proxy (on 10.0.20.36)
|
||||
|
||||
```powershell
|
||||
# Should proxy to backend
|
||||
Invoke-WebRequest https://localhost/roa2web/api/health
|
||||
|
||||
# Should serve frontend
|
||||
Invoke-WebRequest https://localhost/roa2web/
|
||||
```
|
||||
|
||||
### 3. Test Public Access (from any client)
|
||||
|
||||
```powershell
|
||||
# Frontend
|
||||
Invoke-WebRequest https://roa2web.romfast.ro/roa2web/
|
||||
|
||||
# API (will fail without auth, but should return 401 not 404)
|
||||
Invoke-WebRequest https://roa2web.romfast.ro/roa2web/api/health
|
||||
```
|
||||
|
||||
### 4. Test with Playwright (comprehensive)
|
||||
|
||||
```bash
|
||||
# Use Playwright to test full login flow
|
||||
./start-playwright.sh
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Monitoring & Logs
|
||||
|
||||
### Public Server Logs
|
||||
|
||||
```powershell
|
||||
# IIS logs
|
||||
Get-Content C:\inetpub\logs\LogFiles\W3SVC*\*.log -Tail 50
|
||||
|
||||
# Failed Request Tracing (if enabled)
|
||||
Get-ChildItem C:\inetpub\logs\FailedReqLogFiles
|
||||
```
|
||||
|
||||
### Internal Server Logs
|
||||
|
||||
```powershell
|
||||
# IIS logs
|
||||
Get-Content C:\inetpub\logs\LogFiles\W3SVC*\*.log -Tail 50
|
||||
|
||||
# Backend service logs
|
||||
Get-Content C:\inetpub\wwwroot\roa2web\logs\backend-stdout.log -Tail 50 -Wait
|
||||
Get-Content C:\inetpub\wwwroot\roa2web\logs\backend-stderr.log -Tail 50
|
||||
```
|
||||
|
||||
### Backend Application Logs
|
||||
|
||||
```powershell
|
||||
# Application log
|
||||
Get-Content C:\inetpub\wwwroot\roa2web\backend\logs\app.log -Tail 100
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Security Considerations
|
||||
|
||||
### SSL/TLS
|
||||
|
||||
- Public server handles SSL termination
|
||||
- Internal communication can use HTTPS (current) or HTTP (simpler)
|
||||
- Certificate management only needed on public server
|
||||
|
||||
### Firewall Rules
|
||||
|
||||
**Public Server**:
|
||||
- Allow inbound: 443 (HTTPS)
|
||||
- Allow outbound: 443 to 10.0.20.36
|
||||
|
||||
**Internal Server**:
|
||||
- Allow inbound: 443 from public server IP only
|
||||
- No need to expose port 8000 externally (backend is localhost-only)
|
||||
|
||||
### Headers
|
||||
|
||||
Public server sets forwarding headers:
|
||||
- `X-Forwarded-Proto: https` - Original protocol
|
||||
- `X-Forwarded-Host: roa2web.romfast.ro` - Original hostname
|
||||
- `X-Real-IP: {CLIENT_IP}` - Client IP address
|
||||
|
||||
Backend can use these for logging and security.
|
||||
|
||||
---
|
||||
|
||||
## Version History
|
||||
|
||||
| Version | Date | Changes |
|
||||
|---------|------|---------|
|
||||
| 1.0.0 | 2025-12-30 | Initial documentation |
|
||||
|
||||
---
|
||||
|
||||
*Last Updated: 2025-12-30*
|
||||
*ROA2WEB Two-Tier IIS Deployment Architecture*
|
||||
Reference in New Issue
Block a user