- Add OCR installation instructions for Windows (Poppler, Tesseract, PaddleOCR) - Add troubleshooting section for common OCR errors on Windows - Fix web.config.data-entry to use existingResponse="Auto" instead of "Replace" This allows FastAPI JSON error responses to pass through IIS unchanged - Update system requirements to recommend 16GB RAM for OCR workloads 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
162 lines
7.1 KiB
XML
162 lines
7.1 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
ROA2WEB Data Entry App - IIS Web Configuration
|
|
|
|
This configuration enables:
|
|
- SPA routing for Vue.js (all routes fallback to index.html)
|
|
- Reverse proxy for /api/* to Data Entry backend FastAPI service (localhost:8003)
|
|
- Compression and caching for optimal performance
|
|
- Security headers
|
|
|
|
Prerequisites:
|
|
- IIS URL Rewrite Module: https://www.iis.net/downloads/microsoft/url-rewrite
|
|
- IIS Application Request Routing (ARR): https://www.iis.net/downloads/microsoft/application-request-routing
|
|
|
|
This is for the Data Entry sub-application at /data-entry
|
|
-->
|
|
<configuration>
|
|
<system.webServer>
|
|
|
|
<!-- Static Content Compression -->
|
|
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
|
|
|
|
<!-- Default Document -->
|
|
<defaultDocument>
|
|
<files>
|
|
<clear />
|
|
<add value="index.html" />
|
|
</files>
|
|
</defaultDocument>
|
|
|
|
<!-- Static Content Settings -->
|
|
<staticContent>
|
|
<!-- Enable MIME types for modern web assets -->
|
|
<!-- Remove first to avoid duplicates, then add -->
|
|
<remove fileExtension=".json" />
|
|
<mimeMap fileExtension=".json" mimeType="application/json" />
|
|
<remove fileExtension=".woff" />
|
|
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
|
|
<remove fileExtension=".woff2" />
|
|
<mimeMap fileExtension=".woff2" mimeType="application/font-woff2" />
|
|
<remove fileExtension=".svg" />
|
|
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
|
|
<remove fileExtension=".webmanifest" />
|
|
<mimeMap fileExtension=".webmanifest" mimeType="application/manifest+json" />
|
|
|
|
<!-- Client-side caching for static assets -->
|
|
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="365.00:00:00" />
|
|
</staticContent>
|
|
|
|
<!-- Custom HTTP Headers (Security) -->
|
|
<httpProtocol>
|
|
<customHeaders>
|
|
<!-- Security Headers -->
|
|
<add name="X-Frame-Options" value="DENY" />
|
|
<add name="X-Content-Type-Options" value="nosniff" />
|
|
<add name="X-XSS-Protection" value="1; mode=block" />
|
|
<add name="Referrer-Policy" value="strict-origin-when-cross-origin" />
|
|
<add name="Permissions-Policy" value="geolocation=(), microphone=(), camera=()" />
|
|
|
|
<!-- Content Security Policy (adjust as needed) -->
|
|
<add name="Content-Security-Policy" value="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' ws: wss:" />
|
|
|
|
<!-- Remove Server header for security -->
|
|
<remove name="X-Powered-By" />
|
|
</customHeaders>
|
|
</httpProtocol>
|
|
|
|
<!-- URL Rewrite Rules -->
|
|
<rewrite>
|
|
<rules>
|
|
|
|
<!-- Rule 1: Force HTTPS (redirect HTTP to HTTPS) -->
|
|
<rule name="Force HTTPS" stopProcessing="true">
|
|
<match url="(.*)" />
|
|
<conditions>
|
|
<add input="{HTTPS}" pattern="off" />
|
|
</conditions>
|
|
<action type="Redirect" url="https://{HTTP_HOST}/data-entry/{R:1}" redirectType="Permanent" />
|
|
</rule>
|
|
|
|
<!-- Rule 2: Reverse Proxy for API Requests to Data Entry Backend (port 8003) -->
|
|
<rule name="Data Entry API Reverse Proxy" stopProcessing="true">
|
|
<match url="^api/(.*)" />
|
|
<action type="Rewrite" url="http://localhost:8003/api/{R:1}" />
|
|
</rule>
|
|
|
|
<!-- Rule 3: Health Check Endpoint -->
|
|
<rule name="Health Check Proxy" stopProcessing="true">
|
|
<match url="^health$" />
|
|
<action type="Rewrite" url="http://localhost:8003/health" />
|
|
</rule>
|
|
|
|
<!-- Rule 4: Don't rewrite if file exists (static assets) -->
|
|
<rule name="StaticContent" stopProcessing="true">
|
|
<match url=".*" />
|
|
<conditions>
|
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" />
|
|
</conditions>
|
|
<action type="None" />
|
|
</rule>
|
|
|
|
<!-- Rule 5: Don't rewrite if directory exists -->
|
|
<rule name="StaticDirectory" stopProcessing="true">
|
|
<match url=".*" />
|
|
<conditions>
|
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
|
|
</conditions>
|
|
<action type="None" />
|
|
</rule>
|
|
|
|
<!-- Rule 6: SPA Routing - Rewrite all other requests to index.html -->
|
|
<rule name="SPA Fallback" stopProcessing="true">
|
|
<match url=".*" />
|
|
<conditions logicalGrouping="MatchAll">
|
|
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
|
|
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
|
|
<add input="{REQUEST_URI}" pattern="^/data-entry/api" negate="true" />
|
|
</conditions>
|
|
<action type="Rewrite" url="index.html" />
|
|
</rule>
|
|
|
|
</rules>
|
|
|
|
<!-- Outbound Rules (optional - for modifying responses) -->
|
|
<outboundRules>
|
|
<rule name="Add HSTS Header" preCondition="IsHTTPS">
|
|
<match serverVariable="RESPONSE_Strict-Transport-Security" pattern=".*" />
|
|
<action type="Rewrite" value="max-age=31536000; includeSubDomains" />
|
|
</rule>
|
|
<preConditions>
|
|
<preCondition name="IsHTTPS">
|
|
<add input="{HTTPS}" pattern="on" />
|
|
</preCondition>
|
|
</preConditions>
|
|
</outboundRules>
|
|
</rewrite>
|
|
|
|
<!-- Error Pages -->
|
|
<!-- Use Auto to pass through backend API errors unchanged (JSON) while still handling IIS errors -->
|
|
<httpErrors errorMode="Custom" existingResponse="Auto">
|
|
<!-- 404 - Not Found: Serve index.html for SPA routing -->
|
|
<remove statusCode="404" subStatusCode="-1" />
|
|
<error statusCode="404" path="index.html" responseMode="ExecuteURL" />
|
|
|
|
<!-- 500 - Internal Server Error -->
|
|
<remove statusCode="500" subStatusCode="-1" />
|
|
<error statusCode="500" path="index.html" responseMode="ExecuteURL" />
|
|
</httpErrors>
|
|
|
|
<!-- Disable directory browsing -->
|
|
<directoryBrowse enabled="false" />
|
|
|
|
</system.webServer>
|
|
|
|
<!-- System.web for ASP.NET settings (if needed) -->
|
|
<system.web>
|
|
<compilation debug="false" targetFramework="4.8" />
|
|
<httpRuntime targetFramework="4.8" maxRequestLength="10240" executionTimeout="300" />
|
|
</system.web>
|
|
|
|
</configuration>
|