HDMI screen black border / offset+scaling issues / Websocket TLS issue in various Kiosk projects


TL;DR: I either need to solve the TLS certificate problem for Web Sockets used on the WPE build, or solve a HDMI display offset + scaling problem on one of the other builds, to get a 1920x1080 fixed-size dashboard style display to work on Balena + Raspberry Pi 3B+


I have tried the following projects to create a Web Kiosk to run a web application in, and am having troubles as shown:

Device 1: Raspberry Pi 3B+, balenaOS 2.29.2+rev1 Development, HDMI to a 23" 1920x1080p display
Device 2: Raspberry Pi 3B+, balenaOS 2.29.2+rev2 Production, HDMI to a 23" 1920x1080p display

URL points to a hosted web application (SSL) that utilises a Web Socket connection (also over SSL from the same domain on a different port). The web site works in a Chrome browser on a Windows PC, just for reference, and is sized at 1920x1080 fixed (it’s a dashboard style application). It is a registered SSL certificate with a popular certificate provider, not a self-signed certificate.

The physical HDMI displays are confirmed functional by displaying other HDMI 1920x1080 outputs from other devices (Windows PC, streaming set top box) and these report the same OSD diagnostic information (56.3KHz 50Hz PP 1920x0180) in the monitor.

Fleet Device Configuration

RESIN_HOST_CONFIG_gpu_mem_1024 396
RESIN_HOST_CONFIG_gpu_mem_256 128
RESIN_HOST_CONFIG_gpu_mem_512 196
RESIN_HOST_CONFIG_dtparam “i2c_arm=on”,“spi=on”,“audio=on”

Fleet Device Variables


(1) jayatvars/balena-chromium-kiosk
–>The page starts up and successfully retrieves the data from the secured web socket. However only the left half of the screen is visible, right half is black. There is a small black border at the top and bottom of the screen (about 1cm each) and a tiny black border at the left (~3mm). It looks like the border at the top is due to the screen being shifted downwards and then cut off at the bottom (as opposed to being scaled), as the bottom of the screen looks like even if there wasn’t the 1cm margin that it still would have a bit cut off.

(2A) balena-io-projects/balena-wpe
–>The page starts up, but then fails to proceed to the actual operating part, and “CONSOLE ERROR WebSocket network error: Unacceptable TLS certificate” message appears in the logs of the device in the balenaCloud console.
However the alignment of the screen is fine - i.e. no black “borders”, no vertical offset, and no horizontal stretching.
*** If the Websocket TLS problem could be fixed, this would be the preferred build ***

(2B) balena-io-projects/balena-wpe (modified)
A slightly modified Docker file that copies the CA certificate list downloaded from http://curl.haxx.se/ca/cacert.pem over the top of the /etc/ssl/certs/ca-certificates.crt in an attempt to get the SSL WebSocket working, but is otherwise identical to the base image.
–>The page starts up, but then fails to proceed to the actual operating part, and “CONSOLE ERROR WebSocket network error: Unacceptable TLS certificate” message still appears in the logs of the device in the balenaCloud console.
As expected, alignment & sizing are OK same as (2A)

(3) DiegoPomares/balena-rpi3-kiosk
Black bars at the top and bottom. Page looks to have been shifted down and then the excess cut off at the bottom. No black bars at the sides of the screen. However the whole “page” is horizontally expanded, so the right hand edge of what should be displayed is cut off.

==> Any suggestions on how to fix the TLS WebSocket problem on WPE?
==> Any suggestions on how to fix the shift + scaling issues on either of the other two Chromium based builds?


Hey @ajeremy wondered if you have seen this WPE issue report https://github.com/WebPlatformForEmbedded/WPEWebKit/issues/2 ? Wondering if maybe its just a matter of bumping the WPE version in the balena-wpe. It seems like there were some WPE changes around Dec 2018 for this. Not sure when WPE was updated in those base images.


Hey shaunmulligan,

I had found that bug report, and it seems to only be copying a new ca-certificates.crt file into the build (unless I have missed something?)

That bug report is the reason for image (2B), where as part of the Docket build I copied the latest data from http://curl.haxx.se/ca/cacert.pem to /etc/ssl/certs/ca-certificates.crt (instead of what was there already). I checked this ca-certificates.crt did end up in the build and indeed it did. I am not sure whether I also need to include other CA certificates in that folder (although I understand how SSL works, I am not sure about where browsers look for the CA certificates - does it use just the ca-certificates.crt file, or do you also need to have them all individually?)

balena-wpe has version 2.20 of WPE, current version is 2.24 released 2 weeks ago.


Hi @ajeremy sorry that didn’t provide much more info. I unfortunately don’t have enough knowledge of SSL and certs, especially with how WPE uses them. Perhaps @petrosagg would be able to help us figure out how to make use of a caCert in WPE?