Locked Down Offline Wikipedia Kiosk on Raspberry Pi 4

CanaKit Raspberry Pi 4 (4GB) Starter Kit (Amazon Affiliate)
US: https://amzn.to/3azJgrW
UK: https://amzn.to/2JdMq9o
CA: https://amzn.to/3bwiRvY
ES: https://amzn.to/2T06LnM (similar)
FR: https://amzn.to/3cvIZrs (similaire)
IT: https://amzn.to/2Ar74Sj (simile)
DE: https://amzn.to/2AqfWHQ (ähnlich)
IN: https://amzn.to/3ey6fWj
AU: https://amzn.to/2VTUt1C
NL: https://amzn.to/3f5NdsD (vergelijkbaar)

Outstanding Issues
  • You can halt the boot process by holding down control-c. This doesn’t seem to allow the user to gain access to the system.
  • This wasn’t working with Raspberry Pi 2 or 3 at first but I added “sudo adduser kiosk video” to the setup and it works now. I don’t think older models have enough RAM to make it feasible with this setup.
General Notes

To exit Nano text editor, type: control-o to save and control-x to exit

Type “shutdown -h now” to shutdown from the terminal

Type “shutdown -r now” to reboot from the terminal

Setup Raspberry Pi
sudo raspi-config

Configure these options:

Change User Password
Boot Options > Desktop / CLI > Console Autologin
Localization Options > All
Advanced Options > Overscan
Advanced Options > Resolution*

* This is only needed for Raspberry Pi 3 and older if you want a to change resolution.

Update System
sudo apt update && sudo apt upgrade
Install Packages
sudo apt install --no-install-recommends xorg openbox ufw nginx surf-display ttf-ancient-fonts
Add Kiosk User Account
sudo adduser kiosk
sudo passwd -l kiosk
sudo adduser kiosk video
Add startx to User .bashrc
sudo nano /home/kiosk/.bashrc
Change Resolution (optional)*
sudo nano /home/kiosk/.xsessionrc
xrandr --output HDMI-1 --mode 1280x720

* Only needed for Raspberry Pi 4 and newer if you want to change resolution

Change Autologin to kiosk User
sudo nano /etc/systemd/system/getty@tty1.service.d/autologin.conf
ExecStart=-/sbin/agetty --autologin kiosk --noclear %I $TERM
Download Kiwix Server


Download Kiwix Content (Zim File)


Send Kiwix Server and Zim File to Raspberry Pi (run on local computer)
scp ~/Downloads/kiwix-tools_linux-armhf*.tar.gz pi@raspberrypi.local:~/
scp ~/Downloads/*.zim pi@raspberrypi.local:~/
Decompress Kiwix Server
tar -zxvf kiwix-tools_linux-armhf*.tar.gz
Move Binaries to Executable Directory
sudo mv kiwix-tools_linux-armhf-*/* /usr/local/bin/
Move Zim File to Directory
sudo mv wikipedia*.zim /var/local/
Create Kiwix Service
sudo nano /etc/systemd/system/kiwix.service
Description=Kiwix Service
ExecStart=/usr/local/bin/kiwix-serve -mb /var/local/wikipedia_en_simple_all_nopic_2020-02.zim -p 8080
Start Kiwix Service
sudo systemctl enable kiwix
sudo systemctl start kiwix
Test Kiwix Server in a Web Browser
Configure Nginx Reverse Proxy
sudo nano /etc/nginx/sites-available/default
#try_files $uri $uri/ =404;
 location /catch/ {
 return 301 http://$host;
Restart Nginx
sudo systemctl restart nginx
Setup Surf Web Browser
sudo nano /etc/default/surf-display
Add surf-display to Openbox autostart script
sudo nano /etc/xdg/openbox/autostart
surf-display &
Disable Keyboard Power Button (Choose One Option)
sudo nano /etc/systemd/logind.conf
HandlePowerKey=ignore # Do nothing
HandlePowerKey=reboot # Reboot
Disable Ctrl-Alt-Backspace
sudo nano /usr/share/X11/xorg.conf.d/dontzap.conf
Section "ServerFlags"
    Option "DontZap" "true"
Disable Virtual Console Switching
sudo nano /etc/X11/Xsession.d/65srvrkeys-none
setxkbmap -option srvrkeys:none
Disable tty Consoles
sudo nano /etc/systemd/logind.conf
Disable Ctrl-Alt-Delete
sudo rm /lib/systemd/system/ctrl-alt-del.target
sudo ln -s /dev/null /lib/systemd/system/ctrl-alt-del.target
sudo systemctl daemon-reload
Disable Print Screen (and other key combinations)
sudo mkdir -p /home/kiosk/.config/openbox
sudo cp /etc/xdg/openbox/rc.xml /home/kiosk/.config/openbox/
sudo nano /home/kiosk/.config/openbox/rc.xml

Type control-w to search for ‘<keyboard>’

Go to the next line and press control-shift-6 to start selection

Select down to just before ‘</keyboard>’ and press control-k to remove configuration

You should end up with:

Setup Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
sudo ufw status
Reboot System
sudo reboot
Set System to Read Only
sudo raspi-config

Advanced Options > Overlay FS

Leave a comment

Your email address will not be published. Required fields are marked *