[1]: https://help.github.com/articles/securing-your-github-pages-...
It's like GitHub pages on steroids and includes free Let's Encrypt based SSL for custom domains, can run builds from your GitHub repo with any static site generator, supports rewrite/redirect rules/proxying/form processing/password protection and much more...
So it's free and doesn't have quota buckets? Checks it out.
This is nothing like GitHub pages… It costs money and has quota buckets
Maybe GH doesn't want the responsibility of hosting everyone's private keys.
> HTTPS is not supported for GitHub Pages using custom domains.
Not unsurprising, but unfortunate.
Do you have any idea how TLS actually works? If this worked out of the box for custom domains, then GitHub would need to be able to impersonate those domains.
At the very least you'd need a way to upload a private key/cert combo that they could serve in response to an SNI request. Given the sheer number of sites that they host (every user effectively has a custom GitHub pages page) that's not really feasible though. Hence only support for *.github.io as that only requires a single wildcard cert.
If you redirect your domain to my webserver, I can get a certificate for it. E.g. from Let's Encrypt.
WordPress.com uses that and offers SSL certificates to "million-plus"[0] blogs with custom domains. It's certainly doable at scale, although I totally understand it not having priority for GitHub (esp if it doesn't fit their current technical setup).
[0] https://en.blog.wordpress.com/2016/04/08/https-everywhere-en...
So client to Cloudflare is well protected but Cloudflare to Akamai is vulnerable to MITM.
(And according to this new news Akamai to GitHub is properly protected now)
[1] https://support.cloudflare.com/hc/en-us/articles/200170416-W...
That's literally what this article is about.
I "cheated" the system by having a script that will redirect you to the HTTPS version if you click on anything from the HTTP protocol, which kind of accomplishes forcing the HTTPS encryption, but not really.
Then I've decided to switch to my own domain and just use CloudFlare (+ whitelisting Tor).
Now I'm kind of thinking about switching to GitLab Pages since they pretty much kick the hell out of GitHub Pages in every single way when you compare their features (like, you can use any static site generator and you can roll your own Let's Encrypt SSL certificate on them).
But still, you can do other things like selecting a different code highlighter (which GitHub deprecated recently).
It's a feature they introduced pretty recently (~ a month ago IIRC), but it always kind of worked with CI + some tinkering (I know this because my organization used our own instance of GitLab as our publishing platform before this feature became a thing).
disclaimer: co-founder of Aerobatic
2 sites, 1 domain, 5 deployments in a 24 hour period
something something Amazon US East
[1] https://help.github.com/articles/securing-your-github-pages-...
- You CAN force HTTPS for your *.github.io site.
- You CAN use an https://yourname.github.io URL.
- You CANNOT use a custom domain name with a fully secured HTTPS connection.
[1] https://konklone.com/post/github-pages-now-sorta-supports-ht...
Just be sure to delete your CNAME file, based on a recent GitHub behavior change.
You have been able to request Pages sites over HTTPS for some time, but we refrained from officially supporting it because the traffic from our CDN to our servers wasn't encrypted until now.