A secure kiosk application that launches Chromium in kiosk mode and provides an authenticated proxy for the Evalify platform.
This application consists of two main components:
- Main Kiosk Application (`evalify-kiosk`) - Launches Chromium in kiosk mode and runs an authenticated proxy server
- Key Encryption Utility (`encrypt_key`) - Encrypts sensitive keys using AES-256-GCM encryption

- Rust (latest stable version)
- Chromium or Google Chrome browser
- Linux environment (tested on Linux systems)
Copy the example environment file and configure your settings:

```bash
cp env.example .env
```

Edit the `.env` file with your configuration:

```
ENCRYPT_PASSPHRASE="your-encryption-passphrase-here"
BACKEND_BASE_URL="http://evalify.amritanet.edu"
EVALIFY_URL="http://evalify.amritanet.edu"
LOCAL_AUTH_KEY="your-local-auth-key-here"
KIOSK_KEY="your-kiosk-key-here"
```

Build optimized release binaries:

```bash
cargo build --release
```

This will create the following binaries in `target/release/`:

- `evalify-kiosk` - Main kiosk application
- `encrypt_key` - Key encryption utility

If you need to generate a new encrypted key blob:

```bash
./target/release/encrypt_key encrypted_blob.b64
```

This will create/update the `encrypted_blob.b64` file with your encrypted kiosk key.

```bash
./target/release/evalify-kiosk

EVALIFY_URL="https://your-custom-url.com" \
BACKEND_BASE_URL="https://your-backend.com" \
LOCAL_AUTH_KEY="your-auth-key" \
./target/release/evalify-kiosk
```

Once running, the application will:
- Launch Chromium in kiosk mode pointing to the configured Evalify URL
- Start a proxy server on `http://127.0.0.1:8473`

The Chromium browser will open automatically in fullscreen kiosk mode.
The application launches Chromium with extensive security and kiosk-specific flags:
- Full-screen kiosk mode
- Disabled extensions, plugins, and external access
- Incognito mode for session isolation
- Disabled user interactions (printing, saving, etc.)
- Enhanced security settings
- Local Authentication: Requires `X-Local-Auth` header matching your configured key
- Origin Validation: Only accepts requests from the configured Evalify URL
- Encrypted Headers: Adds encrypted kiosk identification to backend requests
- Request Forwarding: Transparently forwards authenticated requests to the backend
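
The local-authentication and origin checks listed above, sketched as an added example: this is not code from the project, and the function names, the `Decision` type and the sample key are assumptions. It uses only the standard library, so the constant-time comparison is best-effort; production code would normally use a vetted crate such as `subtle`.

```rust
// Added illustration (hypothetical names), not code from the evalify-kiosk repository.
#[derive(Debug, PartialEq)]
pub enum Decision { Forward, MissingAuth, BadAuth, BadOrigin }

/// Best-effort constant-time comparison: no early exit on the first mismatch,
/// so timing does not reveal how many leading bytes of the key were correct.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    let mut diff = a.len() ^ b.len();
    for i in 0..a.len().max(b.len()) {
        let x = a.get(i).copied().unwrap_or(0);
        let y = b.get(i).copied().unwrap_or(0);
        diff |= (x ^ y) as usize;
    }
    diff == 0
}

/// Reduce a URL to scheme://host[:port], the form browsers send in `Origin`.
fn origin_of(url: &str) -> Option<String> {
    let (scheme, rest) = url.split_once("://")?;
    let authority = rest.split(|c: char| matches!(c, '/' | '?' | '#')).next()?;
    if scheme.is_empty() || authority.is_empty() || authority.contains('@') {
        return None;
    }
    Some(format!("{scheme}://{authority}").to_ascii_lowercase())
}

fn header<'a>(headers: &[(&str, &'a str)], name: &str) -> Option<&'a str> {
    headers.iter().find(|(k, _)| k.eq_ignore_ascii_case(name)).map(|(_, v)| *v)
}

pub fn check_request(headers: &[(&str, &str)], local_auth_key: &str, evalify_url: &str) -> Decision {
    let Some(token) = header(headers, "X-Local-Auth") else { return Decision::MissingAuth };
    // An unset (empty) configured key must never authenticate anything.
    if local_auth_key.is_empty() || !ct_eq(token.as_bytes(), local_auth_key.as_bytes()) {
        return Decision::BadAuth;
    }
    // Compare whole origins. A prefix test on the URL string would also accept
    // a lookalike host such as "http://evalify.amritanet.edu.other.example".
    match (header(headers, "Origin"), origin_of(evalify_url)) {
        (Some(got), Some(want)) if got.to_ascii_lowercase() == want => Decision::Forward,
        _ => Decision::BadOrigin,
    }
}

fn main() {
    // Constructed sample request; the key value is a placeholder.
    let req = [("X-Local-Auth", "constructed-key"), ("Origin", "http://evalify.amritanet.edu")];
    println!("{:?}", check_request(&req, "constructed-key", "http://evalify.amritanet.edu/"));
}
```
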

```bash
cargo build

# Run main application
cargo run

# Run key encryption utility
cargo run --bin encrypt_key -- encrypted_blob.b64
```

| Variable | Description | Required | Default |
|---|---|---|---|
| `ENCRYPT_PASSPHRASE` | Passphrase for AES encryption | Yes | - |
| `BACKEND_BASE_URL` | Backend API base URL | No | `http://evalify.amritanet.edu` |
| `EVALIFY_URL` | Frontend application URL | No | `http://evalify.amritanet.edu` |
| `LOCAL_AUTH_KEY` | Authentication key for proxy requests | Yes | - |
| `KIOSK_KEY` | Kiosk identification key | Yes | - |

- Keep your `.env` file secure and never commit it to version control
- The `LOCAL_AUTH_KEY` should be a secure, randomly generated string
- The `KIOSK_KEY` is encrypted before transmission to the backend
- All proxy requests require proper origin and authentication headers

- Environment variables not found: Ensure your `.env` file is in the project root and properly formatted
- Chromium not found: Install Chromium or Google Chrome:

  ```bash
  # Ubuntu/Debian
  sudo apt install chromium-browser

  # Or Google Chrome
  wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
  sudo sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
  sudo apt update && sudo apt install google-chrome-stable
  ```

- Permission issues: Ensure the binary has execute permissions:

  ```bash
  chmod +x target/release/evalify-kiosk
  chmod +x target/release/encrypt_key
  ```

- Port conflicts: The proxy runs on port 8473. Ensure this port is available.

Licensed under the Apache License, Version 2.0. See LICENSE file for details.