If you are a good web developer and you care about your users, you should have SSL on your website.
“A GOOD DEVELOPER CARES ABOUT SECURITY.”With GitHub being such a great option to host some small projects, websites, and blogs for free, wouldn’t it be nice if we could have that lovely HTTPS up in the search bar? Well for those lame people who just decide to use the default username.github.io/repository URL that GitHub provides, your job is already done. Congratulations! You already have SSL setup on your website.
Unfortunately, for us cool people who prefer having a custom domain on our websites, life's a little harder — but it’s still free.
I am assuming you already have your GH-Pages hosted website with a custom domain set up. If you don’t know how to add a custom domain to your GH-Pages, go read this!
If you really have no patience though, you can watch this video instead of reading the rest of these instructions.
Congratulations, you have made it halfway! You should probably take a little break here, you have worked hard to get to this point. Plus it could take up to a few hours (or up to 24 hours if you are an extremely unlucky person) for your website to be active on Cloudflare and accessible with the https protocol.
Here comes the important stuff. We need to tell those great search engines and make our visitors use the SSL version of our site.
Because GH-Pages is powered by Jekyll, you should have a “_config.yml” file in the root of your repository. If you don’t, it’s okay, just go and add a “_config.yml” file to the root of your repository.
url: https://yoursite.com
enforce_ssl: yoursite.com
<link rel="canonical" href="{{ site.url }}{{ page.url }}" />
All of that is going to let all those search engines that there is an SSL version of your website. Now you just need to redirect your visitors to the more secure version of your website.
<script type="text/javascript"> var host = "yoursite.com"; if ((host == window.location.host) && (window.location.protocol != "https:")) window.location.protocol = "https"; </script>
You did it! You now have your visitors using the SSL version of your site!
If all of the styles/scripts from your website just disappeared, try removing the protocol from your links all together like this.
<!-- from this --> <link rel="stylesheet" href="http://yoursite.com/path/to/yourstyles.css"> <!-- to this --> <link rel="stylesheet" href="//yoursite.com/path/to/yourstyles.css">
It's better practice to write your links without the protocol anyways.
If I missed anything, or if anything has changed since I wrote this, tweet me and I will come back and update this tutorial.
Should I be writing? That is a question that I have asked myself time and time again.
I have a problem. Whenever I start a project or whenever I am informed of one that people wish to bring me on board with, my addiction kicks in.
If you are a good web developer and you care about your users, you should have SSL on your website.