HTTPS on Custom Domain

Question

HTTPS on Custom Domain

Opened this issue 9 years ago · 3 comments

Hi,

Noticed your documentation went all the way up to using custom domains w/ Github Pages. However, there's one more pretty important step that you might have missed out - Getting to HTTPS with the custom domain.

How about LetsEncrypt with Kloudsec CDN?

Full disclosure: I work at Kloudsec

Answer 1 · 2016-03-07T13:18:18.000Z

Since the origin doesn't support https, wouldn't this essentially be a cloudflare-style MITM attack?

Answer 2 · 2016-03-07T13:40:54.000Z

Hah, we call it man-in-the-middle act of security. That said, you are right. The encryption only happens from Custom Domain <-ENCRYPTED-> Kloudsec's Anycast Network <-NORMAL-HTTP-> Github.

But hey, if you live in a country that doesn't give a shit about your privacy like I do. Any HTTPS is better than none.

That is not to say we do not support full-stream encryption. But it requires another step of integration on the origin server.

In this case, we can't configure Github so..

Answer 3 · 2016-03-08T12:37:47.000Z

I think that could be done with CloudFlare as well.

Disclosure: I do NOT work at CloudFlare