Marius Mutu
9008876b16
- Delete data-entry-app/ (1.6GB), reports-app/ (447MB), .auto-build-data/
- Saved ~1.4GB disk space (64% reduction: 2.2GB → 845MB)
Updated references across 38 files:
- .claude/rules/ paths: backend/modules/, src/modules/
- .claude/commands/validate.md: all validation paths
- docs/ (13 files): data-entry, telegram, README, CLAUDE.md
- scripts/ (3 files): backup-secrets, restore-secrets, test-docker
- security/ (2 files): git_cleanup, SECURITY_PROCEDURES
- deployment/ & shared/: updated all stale comments
All paths now reflect ultrathin monolith architecture:
- Backend: backend/modules/{reports,data_entry,telegram}/
- Frontend: src/modules/{reports,data-entry}/
- Shared: shared/{auth,database,routes}/
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
5.6 KiB
web.config Files - Which Goes Where?
⚠️ IMPORTANT - Read Before Deployment!
ROA2WEB uses a 2-tier IIS architecture with 2 different web.config files for 2 different servers.
Architecture Overview
Internet
↓
Public Server (10.0.20.122) - roa2web.romfast.ro
↓ HTTPS reverse proxy
Internal Server (10.0.20.36) - application host
↓ API proxy to localhost
Backend Service (localhost:8000 on 10.0.20.36)
File Mapping
File: web.config.10.0.20.122-PUBLIC
Server: 10.0.20.122 (Public IIS - roa2web.romfast.ro) Role: Public gateway, reverse proxy to internal server
Purpose:
- Proxies ALL requests to
https://10.0.20.36/{REQUEST_PATH} - Sets forwarding headers (
X-Forwarded-Proto,X-Forwarded-Host,X-Real-IP) - Redirects root
/to/roa2web/
Key Rule:
<match url="(.*)" />
<action type="Rewrite" url="https://10.0.20.36/{R:1}" />
Deployment Location:
10.0.20.122:
C:\inetpub\wwwroot\[ROOT]\web.config
File: web.config.10.0.20.36-INTERNAL
Server: 10.0.20.36 (Internal IIS - application host) Role: Serves frontend, proxies API to localhost backend
Purpose:
- Serves Vue.js frontend static files
- Proxies
/roa2web/api/*tohttp://localhost:8000/api/* - Proxies
/roa2web/uploads/*tohttp://localhost:8000/uploads/* - SPA fallback for client-side routing
Key Rules:
<match url="^roa2web/api/(.*)" />
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
<match url="^roa2web/uploads/(.*)" />
<action type="Rewrite" url="http://localhost:8000/uploads/{R:1}" />
<match url="^roa2web/.*" />
<action type="Rewrite" url="/roa2web/index.html" />
Deployment Location:
10.0.20.36:
C:\inetpub\wwwroot\roa2web\web.config
Note: This file is also in public/web.config (repository root) and is automatically copied to dist/ during Vite build.
Deployment Checklist
✅ Public Server (10.0.20.122)
# Copy public server config
Copy-Item deployment/windows/config/web.config.10.0.20.122-PUBLIC `
C:\inetpub\wwwroot\[ROOT]\web.config
# Verify
Get-Content C:\inetpub\wwwroot\[ROOT]\web.config | Select-String "10.0.20.36"
Expected: Should see url="https://10.0.20.36/{R:1}"
✅ Internal Server (10.0.20.36)
Option A: From built dist/ (recommended):
# After building frontend with `npm run build`
# web.config is automatically in dist/
# Deploy entire dist/ folder
Copy-Item dist\* C:\inetpub\wwwroot\roa2web\ -Recurse -Force
Option B: Manual copy:
# Copy internal server config
Copy-Item deployment/windows/config/web.config.10.0.20.36-INTERNAL `
C:\inetpub\wwwroot\roa2web\web.config
# Verify
Get-Content C:\inetpub\wwwroot\roa2web\web.config | Select-String "roa2web/api"
Expected: Should see url="^roa2web/api/(.*)" and url="http://localhost:8000/api/{R:1}"
Verification
Test Public Server (10.0.20.122)
# Should proxy to internal server
Invoke-WebRequest https://roa2web.romfast.ro/roa2web/ -UseBasicParsing
# Check response headers
(Invoke-WebRequest https://roa2web.romfast.ro/roa2web/).Headers
Expected: Request should be proxied to 10.0.20.36
Test Internal Server (10.0.20.36)
# Test backend directly
Invoke-WebRequest http://localhost:8000/health
# Test through IIS proxy
Invoke-WebRequest https://localhost/roa2web/api/health
# Test frontend
Invoke-WebRequest https://localhost/roa2web/
Expected: All should return 200 OK
Common Mistakes ❌
❌ WRONG: Using internal config on public server
<!-- On 10.0.20.122 - WRONG! -->
<match url="^roa2web/api/(.*)" />
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
Problem: Public server doesn't have backend on localhost:8000
❌ WRONG: Using public config on internal server
<!-- On 10.0.20.36 - WRONG! -->
<match url="(.*)" />
<action type="Rewrite" url="https://10.0.20.36/{R:1}" />
Problem: Creates infinite redirect loop
❌ WRONG: Missing /roa2web/ prefix on internal server
<!-- On 10.0.20.36 - WRONG! -->
<match url="^api/(.*)" /> <!-- Missing roa2web prefix! -->
<action type="Rewrite" url="http://localhost:8000/api/{R:1}" />
Problem: Requests come as /roa2web/api/... from public server, so ^api/ won't match
Troubleshooting
Issue: 404 on API calls
Symptom: Frontend loads but API returns 404
Check: web.config on 10.0.20.36
# On 10.0.20.36
Get-Content C:\inetpub\wwwroot\roa2web\web.config | Select-String "roa2web/api"
Fix: Update to correct internal server config (see above)
Issue: Infinite redirect loop
Symptom: Browser shows "Too many redirects"
Check: Verify you didn't put public config on internal server
Issue: Backend not reachable
Symptom: 502 Bad Gateway on API calls
Check: Backend service on 10.0.20.36
# On 10.0.20.36
Get-Service ROA2WEB-Backend
Invoke-WebRequest http://localhost:8000/health
Quick Reference
| Server | IP | Config File | Key Pattern | Proxies To |
|---|---|---|---|---|
| Public | 10.0.20.122 | web.config.10.0.20.122-PUBLIC |
url="(.*)" |
https://10.0.20.36/{R:1} |
| Internal | 10.0.20.36 | web.config.10.0.20.36-INTERNAL |
url="^roa2web/api/(.*)" |
http://localhost:8000/api/{R:1} |
Documentation
For complete architecture details, see:
deployment/windows/docs/TWO-TIER-IIS-DEPLOYMENT.mdDIAGNOSIS-2025-12-30.md
Last Updated: 2025-12-30 ROA2WEB Deployment Configuration Guide