kunthawat/consentos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
Files
355b5156a5becedf734602a96172cdfcd877b0a2
consentos/apps/api/Dockerfile
James Cottrill fbf26453f2 feat: initial public release 
ConsentOS — a privacy-first cookie consent management platform.

Self-hosted, source-available alternative to OneTrust, Cookiebot, and
CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google
Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant
architecture with role-based access, configuration cascade
(system → org → group → site → region), dark-pattern detection in
the scanner, and a tamper-evident consent record audit trail.

This is the initial public release. Prior development history is
retained internally.

See README.md for the feature list, architecture overview, and
quick-start instructions. Licensed under the Elastic Licence 2.0 —
self-host freely; do not resell as a managed service.
2026-04-14 09:18:18 +00:00

52 lines
1.6 KiB
Docker
Raw Blame History

# ── Build stage ──────────────────────────────────────────────────────
FROM python:3.12-slim AS builder
WORKDIR /build
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc libpq-dev \
&& rm -rf /var/lib/apt/lists/*
COPY pyproject.toml .
RUN pip install --no-cache-dir --prefix=/install .
# ── Runtime stage ────────────────────────────────────────────────────
FROM python:3.12-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
libpq5 curl \
&& rm -rf /var/lib/apt/lists/*
# Non-root user for security
RUN groupadd -r cmp && useradd -r -g cmp -d /app -s /sbin/nologin cmp
WORKDIR /app
# Copy installed dependencies from builder
COPY --from=builder /install /usr/local
# Copy application code
COPY . .
RUN chown -R cmp:cmp /app
USER cmp
EXPOSE 8000
HEALTHCHECK --interval=30s --timeout=5s --start-period=30s --retries=3 \
CMD curl -f http://localhost:8000/health || exit 1
# Start the server. Database migrations and the initial-admin
# bootstrap are owned by a separate init container (see the OSS
# docker-compose in consentos-deployment) — the API assumes the
# schema is ready by the time it starts.
# Workers configurable via WEB_CONCURRENCY (default 4, use 1 for 256MB RAM)
CMD ["sh", "-c", "uvicorn src.main:app \
--host 0.0.0.0 \
--port ${PORT:-8000} \
--workers ${WEB_CONCURRENCY:-4} \
--access-log \
--proxy-headers \
--forwarded-allow-ips '*'"]
Reference in New Issue View Git Blame Copy Permalink