Github Pages

 20 Sep  |  Roy Ragsdale

Today I learned about GitHub Pages.

This was similar in many ways to when I learned about Gitlab Page but there where some differences. The most substantive are:

  1. No integrated CI
  • requires a manual deploy step
  1. More complex HTTPS setup

The guide I followed for SSL was the aptly named Secure and fast GitHub Pages with Cloudflare.

The guide I followed for hugo was also appropriately Host on GitHub and in particular the organization pages portion.

With regards to #1 above, the requirement to push to another repository and use a git submodule is a bit of additional, and undesired complexity. I really dislike git submodules.

The major hiccup came when enabling SSL. Everything was green and good to go with an active certificate on the Cloudflare dashboard. DNS was working, with the correct redirects. But all requests where ending with:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

After all kinds of troubleshooting, adjusting DNS records, and the redirects, and “flavor” of SSL. I eventually figured it couldn't hurt to try support.

Once I actually found a way to make a request (and not just search common problems). Everything went surprisingly quickly. Within 20 minutes I received a message back that:

Your certificate was stuck in the pipe-line but I I have reordered it now. I'll go ahead and close this request out but if you are still not seeing your SSL working in 24 hours please feel free to re-open this ticket and let us know and we will escalate your case.

At first I was wary of this “turned it off and on again” style response, but lo and behold the certificate status changed back to “Authorizing” and just a few hours later I was good to go. Lots of points for Cloudflare support.

Throughout this I also learned about the “flavors” of SSL offered by Cloudflare. In particular the difference between Flexible, Full, and Full (Strict) (images courtesy of <support.cloudflare.com>).

Flexible Full Strict

Clearly Flexible leaves something to be desired from a security perspective since there are no grantees between CF and your actual end host. Even Full (the only option available with GitHub Pages) does not require full end to end valid encryption.

One way to use Strict is be getting an origin certificate from CF. This is how Gitlab supports Strict.

*disclaimer: this was posted the next day so it was a slip on beeminder but that was due to competing priorities, not because I didn't learn *

web  github  gitlab