Files
roa2web-service-auto/deployment/windows/config/web.config.data-entry
Marius Mutu 642ae3a96c docs: Add Windows OCR dependencies and fix IIS API error handling
- Add OCR installation instructions for Windows (Poppler, Tesseract, PaddleOCR)
- Add troubleshooting section for common OCR errors on Windows
- Fix web.config.data-entry to use existingResponse="Auto" instead of "Replace"
  This allows FastAPI JSON error responses to pass through IIS unchanged
- Update system requirements to recommend 16GB RAM for OCR workloads

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 19:43:33 +02:00

162 lines
7.1 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!--
ROA2WEB Data Entry App - IIS Web Configuration
This configuration enables:
- SPA routing for Vue.js (all routes fallback to index.html)
- Reverse proxy for /api/* to Data Entry backend FastAPI service (localhost:8003)
- Compression and caching for optimal performance
- Security headers
Prerequisites:
- IIS URL Rewrite Module: https://www.iis.net/downloads/microsoft/url-rewrite
- IIS Application Request Routing (ARR): https://www.iis.net/downloads/microsoft/application-request-routing
This is for the Data Entry sub-application at /data-entry
-->
<configuration>
<system.webServer>
<!-- Static Content Compression -->
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<!-- Default Document -->
<defaultDocument>
<files>
<clear />
<add value="index.html" />
</files>
</defaultDocument>
<!-- Static Content Settings -->
<staticContent>
<!-- Enable MIME types for modern web assets -->
<!-- Remove first to avoid duplicates, then add -->
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json" />
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
<remove fileExtension=".woff2" />
<mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
<remove fileExtension=".webmanifest" />
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
<!-- Client-side caching for static assets -->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
</staticContent>
<!-- Custom HTTP Headers (Security) -->
<httpProtocol>
<customHeaders>
<!-- Security Headers -->
<add name="X-Frame-Options" value="DENY" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="X-XSS-Protection" value="1; mode=block" />
<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
<add name="Permissions-Policy" value="geolocation=(), microphone=(), camera=()" />
<!-- Content Security Policy (adjust as needed) -->
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:" />
<!-- Remove Server header for security -->
<remove name="X-Powered-By" />
</customHeaders>
</httpProtocol>
<!-- URL Rewrite Rules -->
<rewrite>
<rules>
<!-- Rule 1: Force HTTPS (redirect HTTP to HTTPS) -->
<rule name="Force HTTPS" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/data-entry/{R:1}" redirectType="Permanent" />
</rule>
<!-- Rule 2: Reverse Proxy for API Requests to Data Entry Backend (port 8003) -->
<rule name="Data Entry API Reverse Proxy" stopProcessing="true">
<match url="^api/(.*)" />
<action type="Rewrite" url="http://localhost:8003/api/{R:1}" />
</rule>
<!-- Rule 3: Health Check Endpoint -->
<rule name="Health Check Proxy" stopProcessing="true">
<match url="^health$" />
<action type="Rewrite" url="http://localhost:8003/health" />
</rule>
<!-- Rule 4: Don't rewrite if file exists (static assets) -->
<rule name="StaticContent" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" />
</conditions>
<action type="None" />
</rule>
<!-- Rule 5: Don't rewrite if directory exists -->
<rule name="StaticDirectory" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
</conditions>
<action type="None" />
</rule>
<!-- Rule 6: SPA Routing - Rewrite all other requests to index.html -->
<rule name="SPA Fallback" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_URI}" pattern="^/data-entry/api" negate="true" />
</conditions>
<action type="Rewrite" url="index.html" />
</rule>
</rules>
<!-- Outbound Rules (optional - for modifying responses) -->
<outboundRules>
<rule name="Add HSTS Header" preCondition="IsHTTPS">
<match serverVariable="RESPONSE_Strict-Transport-Security" pattern=".*" />
<action type="Rewrite" value="max-age=31536000; includeSubDomains" />
</rule>
<preConditions>
<preCondition name="IsHTTPS">
<add input="{HTTPS}" pattern="on" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<!-- Error Pages -->
<!-- Use Auto to pass through backend API errors unchanged (JSON) while still handling IIS errors -->
<httpErrors errorMode="Custom" existingResponse="Auto">
<!-- 404 - Not Found: Serve index.html for SPA routing -->
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" path="index.html" responseMode="ExecuteURL" />
<!-- 500 - Internal Server Error -->
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="500" path="index.html" responseMode="ExecuteURL" />
</httpErrors>
<!-- Disable directory browsing -->
<directoryBrowse enabled="false" />
</system.webServer>
<!-- System.web for ASP.NET settings (if needed) -->
<system.web>
<compilation debug="false" targetFramework="4.8" />
<httpRuntime targetFramework="4.8" maxRequestLength="10240" executionTimeout="300" />
</system.web>
</configuration>