* fix: bundle banner into admin-ui image and serve at origin root
The loader at apps/banner/src/loader.ts derives the bundle URL from
its own origin, not its directory, so ``consent-loader.js`` and
``consent-bundle.js`` must live at the web root rather than under a
sub-path. The upstream admin-ui image never bundled the banner at
all, forcing deployment overlays to paper over the gap — and those
overlays misplaced the files under ``/banner/``.
Fold the banner build into ``apps/admin-ui/Dockerfile`` as an extra
stage, move its output to ``public/`` so Vite emits it at the image
root, and add CORS + caching rules for the two scripts in
``nginx.conf`` ahead of the SPA fallback. Switch the root
``docker-compose.yml`` build context to the repo root (with the
dockerignore trimmed accordingly) so one image now covers admin + CDN.
Also drop the published sourcemap for ``consent-bundle.js`` — the
bundle is minified and cross-origin, shipping a map to anyone
inspecting a customer page isn't something we want.
* feat: add docker-compose.prod.yml for single-host deployment
Add a production-targeted compose file alongside the existing dev one.
Operators running ConsentOS on a single host (the OSS quick-start
path) now have a canonical compose to point ``-f`` at, instead of
hand-rolling overlays in their deployment repo.
Differences from ``docker-compose.yml`` (dev) — see the file header
for the full list, but the load-bearing ones are:
* A one-shot ``consentos-bootstrap`` init container owns alembic
migrations and the initial-admin provisioning. Every long-running
service that touches the database waits for it via
``service_completed_successfully``.
* Postgres credentials and Redis password come from the ``.env``
file rather than being hardcoded; the dev compose keeps the
``consentos:consentos`` defaults so ``make up`` still just works.
* All host-bound ports are scoped to ``127.0.0.1`` so a reverse
proxy on the host (Caddy in the reference deployment) can
terminate TLS in front of them.
* The scanner gets a scoped ``environment:`` block instead of
``env_file: .env``. Sharing the env file caused vars like
``PORT`` to leak into ``ScannerSettings`` and rebind the service
off its default ``8001``, which silently broke
``SCANNER_SERVICE_URL`` for the worker.
* ``shm_size: 1gb`` on the scanner — Playwright/Chromium crashes
under the default 64 MB ``/dev/shm`` on heavy pages.
* ``consentos-admin`` builds with the repo root as the context so
the upstream ``apps/admin-ui/Dockerfile`` (added in the previous
commit) can pull ``apps/banner/`` in alongside ``apps/admin-ui/``
and bundle ``consent-loader.js`` / ``consent-bundle.js`` at the
nginx root.
* Per-service ``mem_limit`` and dependency-aware healthchecks so
``docker compose up -d`` gives a consistent, observable start.
ConsentOS — a privacy-first cookie consent management platform.
Self-hosted, source-available alternative to OneTrust, Cookiebot, and
CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google
Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant
architecture with role-based access, configuration cascade
(system → org → group → site → region), dark-pattern detection in
the scanner, and a tamper-evident consent record audit trail.
This is the initial public release. Prior development history is
retained internally.
See README.md for the feature list, architecture overview, and
quick-start instructions. Licensed under the Elastic Licence 2.0 —
self-host freely; do not resell as a managed service.
