Thanks, this looks pretty cool!
Though, I should recommend against putting content like this on the controller. The controller is not designed to be a web server, hosting content like this and in environments where you have more than just a few users, this can result in serious issues.
If you can place the content on an external web server, and white-list access to that server from the guest's login role, you can still host the content and use an external captive portal for that.
The authentication POST from the index.html:
... method="POST" action="/auth/index.html/u" ...
.. should be changed to have the full https://<name-of-the-controller-certificate> in the action.
Another benefit is that if you have multiple controllers, there is no need to put the content on each of them. Also, the content management may be easier as it may be managed with the tools you have in place already for internet or intranet websites.