Closed david-a-wheeler closed 6 years ago
This feature would have prevented a lot of inconvenience for the Rust project, where we had to set up and debug a CDN as a workaround (https://github.com/rust-lang/rust/issues/13180). With the advent of Let's Encrypt, getting certs for arbitrary domains can be easily automated with minimal overhead for the domain owner. Please support HTTPS on custom domains.
Note that this is not a new unknown issue. Eric Mill said: "Of course, the work's not done until GitHub Pages supports HTTPS for custom domains. GitHub hosts a huge number of project, personal, and conference sites that use custom domains -- including GitHub's own CodeConf site -- which all continue to put their users at risk." https://konklone.com/post/github-pages-now-sorta-supports-https-so-use-it
AWESOME! thanks for the reminder
GitHub supports https on their main site, and as of June 2016, GitHub supports HTTPS on github.io pages (see https://github.com/blog/2186-https-for-github-pages). And that's great!
However, if projects use their own custom domain, and serve it via GitHub project pages, then HTTPS is not currently supported. There’s a workaround, but it’s not clear that it’s really secure and it imposes additional complexities: https://developer.ubuntu.com/en/blog/2016/02/17/how-host-your-static-site-https-github-pages-and-cloudflare/. Many projects use github.io pages; a sample list is here: https://github.com/showcases/github-pages-examples
Please add support for HTTPS to project custom domains; that will complete the protection of GitHub-hosted material via HTTPS.