Taylor Chen

Securing Custom Domain Github Pages

I have (finally) decided to get that shiny locked padlock icon for all my sites running as Github Pages. Github released HTTPS for Github Pages in June of this year. However, this feature does not support Github Pages using custom domains.

Securing your site with Cloudflare

I chose to use Cloudflare because offers a free tier for SSL. Note that the certificate issued to you will be from \*.cloudflaressl.com and is not considered full SSL because the connection from CloudFlare and Github Pages may not be secure. However, your site will behave as if it had full SSL and will offer security against attacks such as those on unsecured networks.

  1. Make an account / Log into CloudFlare
  2. Add your site(s), select the “Free Website” plan
  3. Make sure all the records autogenerated by CloudFlare matches the records you have with your domain registrar
  4. Update the nameservers to point at the ones provided from CloudFlare with your domain registrar
  5. Your site(s) should be served over https within 1-48 hours

Other considerations

var host = “<yourwebsite>.com”;
if ((host == window.location.host) && (window.location.protocol != “https:”))
window.location.protocol = “https”;