Porteus Kiosk Server

Porteus Kiosk Server is built on top of the standard Porteus Kiosk operating system. The main purpose of the system is to allow accessing and performing management tasks on the kiosk clients even if they are placed behind a NAT, proxy or firewall.

Porteus Kiosk Server is different compared to the standard kiosk ISO in the following aspects:

  • Administration Panel is launched during system startup instead of the browser
  • Bottom panel is available
  • For doubled security manual customizations on the server ISO level are not allowed
  • Porteus Kiosk Server variant "Premium" requires installation on writable media and has 'automatic updates' service forced for the system
  • Contents:


    Setup procedure


    Terms and conditions

    Troubleshooting connection problems

    Remote management

    Real time monitoring of the client resources

    Client logs

    Files utilized by the clients

    Server migration

    Server reconfiguration


    Once the server and clients are up and running, a SSL tunnel is created between them to allow communication through the SSH and VNC protocols (both are embedded in the SSL tunnel).

    The following requirements must be met for the server to work:

  • The server must be installed on the network in a location which is accessible by the clients.
  • SSL tunneling daemon listens on port 443 so incoming connections on this port must be allowed in your router/firewall configuration.
  • If PK Server is installed on the virtualization platform like VMware, Hyper-V, VirtualBox, QEMU then at least 2GB of RAM and 64MB of video memory should be allocated to the virtual machine otherwise the server may not work correctly.
  • Porteus Kiosk Server version "Premium" must be able to access porteus-kiosk.org domain on ports 80 and 443 in order to validate the subscription and receive the updates. Please make sure your firewall is not blocking these ports and our domain.

  • The following requirements must be met on the client's side:

  • Client must be able to reach Porteus Kiosk Server on port 443 the same way its accessing e.g. google.com website (client initializes connection to the server).
  • The kiosk clients must be installed with support for Porteus Kiosk Server enabled in the wizard. kiosk_server and client_id parameters must be present in kiosk config. Client ID must be unique for each kiosk.

    EXCEPTION: Porteus Kiosk clients in version 4.3.0 and above can be configured with parameter 'client_id=automatic' which is the same for all clients.

  • SSH and VNC services must be enabled.

  • Setup procedure

  • Download Porteus Kiosk Server installation ISO from our download page.

  • Boot the system and follow the wizard to setup an internet connection, choose preferred browser and select the server variant you would like to install. If you select version "Premium" then please send the Server ID to sales@porteus-kiosk.org in order to get the server activated.
  • When the server is up and running, configure the kiosk clients with support for Porteus Kiosk Server. Make sure the kiosk_server and client_id parameters are present in the kiosk config and ssh/vnc access to the client is enabled.
  • NOTE: if you use remote management with nested configurations enabled then kiosk_server parameter should be placed in the GLOBAL section of your remote config while client_id must be placed in the PCID sections and be unique per kiosk. Sample config can be found here.

    EXCEPTION: Porteus Kiosk clients in version 4.3.0 and above can be configured with parameter 'client_id=automatic' which does not have to be unique per client and can be placed in the GLOBAL section of remote config. Sample configs for clients 4.3.0 and above can be found here and here.

  • Once all kiosk clients are booted you can update the clients list in the Administration Panel and start management or monitoring tasks.

  • Porteus Kiosk Server overview (not all features are covered in it):

    Product comparison and pricing

    Porteus Kiosk Server is offered in two variants: "Basic" and "Premium". Variant "Basic" is available for free while variant "Premium" requires subscription which costs €300 euros (excl. VAT) per year.

    NOTE: Server "Premium" subscription does not cover an automatic updates and support subscription for the kiosk clients. If you want to have the updates and support subscription enabled for the clients then you need to buy it separately.

    The Administration Panel included in each system version supports a different number of functions depending on the variant that was selected during the installation:

    Basic Premium
    General features:
    Administration panel
    Number of supported clients Unlimited Unlimited
    Monitoring tasks:
    Monitor which kiosks are online
    Display client details: system/browser/kernel version, MAC/IP, hostname, other
    Monitor client resources: CPU, RAM, temperature, used bandwidth, other
    Monitor system log of the clients
    Interaction with the clients:
    Wake On Lan
    VNC connection: view-only or interactive
    SSH connection
    Mount remote filesystem locally
    Synchronize local and remote content
    Restart browser/Xorg session
    Reconnect/reboot/shutdown the client
    Update browser homepage (use remote management for persistent change)
    Send custom command to the client: e.g. display notification
    Generate detailed system log of the client
    Remote management:
    Host client configuration on the server
    Host client files on the server
    Automatic updates for the server (new features and security fixes)
    Email notifications (e.g. client went offline, high server CPU usage)
    Backup and restore server files
    Persistence for the client list, logs, config, files and custom startup scripts
    Server Wizard allowing customization of default server settings
    SSH and VNC access to the server from other PC
    Removable devices support
    Bottom panel with application launcher, task manager, systray, etc
    VMware tools/VirtualBox guest additions
    Price (excl. VAT): Free €300/year

    Terms and conditions that apply to Porteus Kiosk Server variant "Premium" subscription

    1) Before you buy the subscription for the "Premium" version of the product you are obliged to try "Basic" version (available free of cost) and ensure that kiosk clients are able to connect to the server. If communication issues occurs please contact support@porteus-kiosk.org and we will assist you with resolving them.

    2) You are entitled to a 30 days free trial of the "Premium" version of the product. Please contact with sales@porteus-kiosk.org in order to activate the trial.

    3) In order to use "Premium" version of the product you must deliver the Server ID number to our sales department at sales@porteus-kiosk.org. Server ID is displayed in the wizard during system installation.

    4) We accept online payments only: bank transfer (preferred), PayPal or credit card payment. Please do not send us bank cheques as they wont be processed. Payment details are included in the invoice which we send to you.

    5) Your server will be activated in our database within 24 hours after receiving the Server ID number. During next boot the system will upgrade automatically and receive full functionality listed in the product comparison table.

    6) The server subscription is valid for 12 months. Renewal notice will be sent to your email address 30 days before the subscription expires. If the subscription is not extended for another year then server stops working.

    7) If you want to cancel the subscription and return to the "Basic" version of the product then you need to query sales@porteus-kiosk.org and the remaining part of the money will be returned to your account.

    8) Porteus Kiosk Server issues (configuration, software, hardware) will be resolved without additional charge during whole subscription period. Standard support queries will be answered within 24 hours over an email. Urgent/critical issues affecting the server will be resolved through remote assistance (VNC, TeamViewer, etc) within the same time frame.

    9) You have the possibility of moving the subscription from one server to another in case of e.g. hardware failure. Just send us the Server ID which should be deactivated and the new one which should be activated in our database.

    Troubleshooting connection problems

    If you expercience problems with connecting clients to the server then please do as follows:

    1) Make sure that kiosk client was configured with following parameters enabled (sample values used below). These parameters are required to make connection to the server:






      additional_components=08-ssh.xzm 09-x11vnc.xzm (add other components like uefi.zip, printing, etc if needed)

    2) Type server address (value of the kiosk_server= parameter with 'https://' prefix added) in the browser URL bar on the client:


    Press enter and check if you can connect to the Server. If browser returns 'Secure connection failed' message then everything is OK.

    Error message indicates that browser did not have a valid certificate to be able to connect to the "stunnel" daemon and this is expected.

    If you receive 'Unable to connect' message then it's your network or firewall configuration fault. Please remember that client must be able to access Porteus Kiosk Server the same way it's accessing the homepage or "porteus-kiosk.org" website.

    3) Press 'Refresh list' in the Administration Panel of the server to check if client connected succesfully.

    Remote management

    Clients in version 4.1 can be configured to download its configuration file directly from Porteus Kiosk Server. This is useful if you want to avoid using 3rd party web hosting service. Please follow remote management document for more informations about this feature.

    Kiosk configurations which are stored on a web hosting service must be saved in a plain text so its possible to edit them easily. This requirement may bring security concerns which are addressed by Porteus Kiosk Server. Configurations stored on our server are encrypted by default and should be added, modified and deleted using Administration Panel only. Config files are downloaded by the clients through secure SSL and SSH tunnels so should never be captured and malformed by an attacker.

    Setup procedure is very similar to remote management with configs stored on a web server. Changes are bolded below:

    a) boot Porteus Kiosk installation ISO on the target PC

    b) setup network then select 'Launch wizard to create new configuration' on the initial wizard screen

    b) enable 'Remote kiosk management' in the wizard options and provide name of the config which will be stored on the server. Following format is required: server://config_name

    NOTE: 'server://' part is a text string indicating connection type and cant be replaced with your server IP or domain.

    c) set other kiosk functions as you like

    d) on the final configuration page in the wizard take a copy the config and send it to your email address or save on removable media

    e) add your saved config in the 'Remote Management' tab of the Administration Panel on PK Server. Preserve name of the config which was provided in the wizard.

    f) install kiosk and check if it's able to download the config from the server during first boot

    Configuration of additional kiosks:

    a) boot Porteus Kiosk on target PC

    b) setup network then select 'Point kiosk to existing remote configuration' on the initial wizard screen and provide name of the config which is stored already on Porteus Kiosk Server, example: server://group1.txt

    c) install the kiosk

    Real time monitoring of the client resources

    WARNING: large number of monitored clients may cause performance impact on Porteus Kiosk Server. In the Administration Panel you need to explicitly select clients and resources which you want to monitor. Only first 100 (online) clients are currently allowed for monitoring - this is to ensure that PK Server can operate normally despite of extra tasks added. Hardcoded limit may be risen in the future if there is a demand for it.

    If you notice that server CPU usage (visible in the conky applet) goes to 70% and above then please lower the number of clients or resources which are monitored. If your server has dedicated 4 cores of Intel i3 class CPU or higher then it should handle 100 clients without much stress - see screenshot below.

    Client resources monitoring is implemented server side and works for all client versions including 32bit kiosk releases!

    Following data can be pulled from the clients: usage of CPU/RAM/swap/root (virtual filesystem)/storage (persistent partition), CPU temperature, downloaded/uploaded data and client uptime. This feature may be useful for debugging purposes and proactive maintenance.

    Data are presented in the Administration Panel and updated every 2 seconds. Its possible to sort the client list by specific categories, e.g. highest CPU usage.

    If your project requires monitoring some other client resources then please contact us and will consider adding them to our platform.

    Porteus Kiosk Server with Intel i3 CPU handling 70 clients monitored in real time, client list is sorted by the uptime category:

    (click to enlarge)

    Client logs

    If kiosk client is in version 4.1 or above then it will automatically send its system logs in severity warning or above to PK Server. This is useful for proactive support and gives you a chance to take an action before critical condition occurs.

    Client logs are displayed in the reverse order (newest on top) in the Administration Panel. They are stored on the server in /var/log/remote.log file which is persistent across server reboots but gets rotated once it reaches 1MB in size. Administration Panel allows to view full client log, filter client logs by specific string (e.g. client ID), display archived (rotated) logs or delete all client logs from the Server.

    If the 'Client Logs' tab in the Administration Panel remains empty then you can be almost sure that your kiosks work without problems.

    Please do as follows to check if logging works correctly:

    a) open SSH connection to the client

    b) generate event with following command:

      logger -p local2.warning Please help - im having troubles

    c) check if the log you just generated is recorded in 'Client logs' tab of the Administration Panel

    If you run following command on the client side:

      logger -p local2.notice Please help - im having troubles

    then your message will get into system log of the client (/var/log/messages) but will never be transported on the server as its severity level is below 'warning'.

    If client logging does not work as intended then please contact support@porteus-kiosk.org for assistance.

    Files utilized by the clients

    Clients in version 4.2 and above can be configured to download files directly from Porteus Kiosk Server. You need to add the files to PK Server using Administration Panel ('Client Files' -> 'Add file') and then configure the clients using server:// string instead of traditional http(s):// or ftp://.

    Currently supported parameters are listed below:






    Please mind that video file used for the 'screensaver_video=' parameter is an exception and cant be hosted on the Server.

    WARNING: Please do not upload your kiosk configs to the 'Client Files', you need to use the 'Remote Management' section for this otherwise the config wont be accessible for the clients.

    If you get into troubles with configs or files stored on Porteus Kiosk Server then please contact support@porteus-kiosk.org for assistance.

    Server migration

    Installed server is bound to the hardware, for this reason you cannot move the hard drive or clone the virtual machine when migrating the server. Your old server will refuse to boot on a new hardware.

    Please complete following steps to perform the migration:

    1) install PK Server on new hardware and provide it's Server ID for a temporary activation to sales@porteus-kiosk.org

    2) generate backup on the old server (using 'Administration Panel -> Tools -> Backup server files' utility) and restore the backup on your new server

    3) when backup is restored and everything is confirmed to work (you may need to update your firewall/DNS rules to redirect the clients to your new server IP address) please contact sales@porteus-kiosk.org and ask for a permanent swapping of your server subscription to the new Server ID

    Your old server will be deactivated when the migration is finished.

    Server reconfiguration

    Porteus Kiosk Server system is read only (for the safety reasons only selected folders are persistent) and its config is encrypted. If you want to change the settings which you selected in the wizard during server installation: IP address, VNC port, SSH password, etc then you need to reinstall the server.

    When reinstalling the server please keep persistent partition unformatted (this is default option in the installation wizard) so your custom files: remote configs, client logs, client files, etc will be still available when the server is back online.

    Please also do a server backup before reinstallation: 'Administration Panel -> Tools -> Backup server files' and copy the backup to your own PC. This is to cover an emergency case when something goes wrong during the reinstallation.

    Server ID is generated from the hardware so it wont change when you reinstall the server.