work in progress
Kiwix can only serve certain zim files via http, due to the way those files are constructed. However, if those zim files include content that was originally served via https, modern browsers will refuse to load it via http. So you need a local https to http proxy. Then you can point your prowser to an https server running locally, which forwards everything to the regular Kiwix http server, also running locally.
Generate self-signed certificate, valid for 1 day.
openssl req -x509 -newkey rsa:4096 -keyout - -out - -sha256 -days 1 -nodes -subj "/CN=localhost" > server.cert
Start your local https-to-http proxy, using socat. Disable client
certificates by issuing verify=0
. Assume that kiwix is listening on
port 8080.
socat ssl-l:1443,reuseaddr,fork,cert=server.cert,verify=0 tcp4:localhost:8080
Check that everything works:
curl -k https://localhost:1443
Now point your browser to https://localhost:1443
, double check the
warning message and inspect the certificate before “accepting the
risk”.