This project came about as a need to have a web portal for our HR software installed in our break rooms. I needed a low budget, easy to deploy solution that anyone can use. The goals for the project were to have a web browser that allowed user access to only a few websites, a locked down browser, and an inability to access the OS. There are a ton of mini-PC’s available at a wide array of prices. As a Windows admin, I was initially considering Windows 7 Pro in an effort to minimize OS creep across my systems. After examining the available mini-computers, I discovered that by the time I had a viable Windows 7 machine, I was looking at $350 or more minimum for the completed system hardware without the Windows license. The Android machines all had touch screen interfaces or seemed like they may be more of a hassle to work with than I’d like. I kept coming back to the Raspberry Pi. I ended up purchasing the following:
- CanaKit Raspberry Pi (with Case, sd card, and power supply)
- SanDisk Extreme Pro 8 GB microSDHC Class 10 UHS-I 95MB/s Memory Card
- Low-profile microSD card adapter
- Asus 24″ HDMI Monitor
- Right Angle HDMI
- Right Angle Electric Plug
- Tilting Wall Mount
Anyway, lets get down to building a Raspberry Pi Web Kiosk.
Step 0: Get all of the hardware.
Step 1: Get all of the software.
Step 2: Assemble all your pieces. No need to insert SD card or Power cord at this point.
Step 3: Unzip the Raspbian package
Step 4: Use Win Disk Imager to write the image to the SD Card
Step 5: Insert SD card into Raspberry Pi
Step 6: Plug in your Raspberry Pi
Step 7: You will use the config tool screen to do the following:
- Expand File System
- Change Password (to something you can remember)
- Change Hostname (to something you can remember)
- Enable Boot to Desktop
- Define Keyboard Layout (select Type, Language, Layout, No to Alt-G, No to Compose, No to Ctrl-Alt-Backspace)
- Advanced > Enable SSH (if you want to be able to remote into it)
- Advanced > Overclock to Medium
- Notes on overclocking: High and turbo both corrupted SD cards. The Turbo issue is documented.
- Finish to reboot
@xmodmap -e “pointer = 1 10 9 8 7 6 5 4 3 2”
The xmodmap command in to the autostart file disables right click by remapping the middle and right buttons to non-existent keys (assuming you have a 3 button mouse)
Step 13: Disabling all web pages but a few select ones
I am going to discuss my attempt to use iptables to do this in the next paragraph so that someone out there can tell me what I was doing wrong. However, I ended up downloading and installing Whitelist for Chrome. Then selecting the checkbox to deny all sites except approved ones. Then I added the few sites I needed.
Now, the reason you had dnsutils and jwhois in your apt-get command earlier is so that we could figure out which ip address you needed to add to the iptables. I couldn’t this to work. I also couldn’t get whois to work as it kept telling me “command not found.” That is where jwhois comes in.
I had 3 static web pages that I wanted to approve. I used the following iptable commands:
sudo iptables -A INPUT -i eth0 -s <destination-ip-address1>/32 -m state –state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth0 -s <destination-ip-address2>/32 -m state –state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -i eth0 -s <destination-ip-address3>/32 -m state –state RELATED,ESTABLISHED -j ACCEPT
Sudo iptables -A INPUT -p all –destination xyz.com -m state –state RELATED,ESTABLISHED -i eth0 -j ACCEPT
sudo iptables -A INPUT -p all –destination 0/0 -m state –state NEW -i eth0 -j DROP
iptables-save > /etc/iptables.conf
sudo nano /etc/rc.local then add the line iptables-restore < /etc/iptables.cong
Step 14: Install Flash player for Chromium (if you need it)
There are lots of forums on how to install flash for Chromium. All the advice there didn’t help me. The forums basically said you should be able to type sudo apt-get install flashplugin-nonfree and if you got an error you needed to update your install location repositories.
I just googled adobe flash, clicked on the get flash player now button, downloaded the tarball, extracted it, and moved libflashplayer.so to /usr/lib/chromium/plugins. Didn’t see that advice in any forums, so I wanted to share it with you.
- To get back to the Raspi configuration menu just type: sudo raspi-config
- If you use Vim to edit files, you can overwrite a read-only file by using this command: :w !sudo tee %
- Turbo mode will corrupt our SD card (I had it happen in High mode also)
- To backup your image, use Win32DiskImg and click read instead of write.
- How to create a desktop icon that will launch google in chromium:
- I couldn’t find this exact instruction anywhere else either, so I hope it helps:
- Fire up your command line and type: sudo nano /home/pi/Desktop/google.desktop
- In the file, type the following:
Comment=Launches Google in Chromium
Icon=location of a google icon you saved somewhere
3. Press ctrl+x to begin exit, select Y to Save.
4. File will appear on your desktop.