Github pages with custom CNAME security - security

Github allows you to host static pages on your own domain name. The procedure is described here: https://help.github.com/articles/setting-up-a-custom-domain-with-pages
It mentions that you have to create a file called CNAME in your repository to make sure your domain is mapped to this repository.
What would happen if someone else would create a pages repository with your domain name in their CNAME file? Would they be able to hijack your domain this way, or will Github forever associate this domain name with your repository?

First of all, if you take the CNAME first, you're safe. GitHub Pages will raise an error to anyone who would try to create the same CNAME file. This if a bit frustrating with forking such repository.
On the second hand GH Pages recently added an option to set DNS to a specific account, using CNAME DNS record instead of A like this:
www.example.com CNAME username.github.io
Checkout the page you mentioned for more info: https://help.github.com/articles/setting-up-a-custom-domain-with-pages

Currently accepted answer is partially wrong.
Yes, you are safe as long as you claim domain name first and as long as it is set up in you repository.
But linking CNAME to specific account just does not do anything. It could work in past, but now it is simply broken. Even if you set up CNAME with your account name, anyone can still use your domain if you did not set it up in your repository. You can check my detailed post about this problem here.

Related

How can I point multiple domain names to the same GitHub Pages site?

This seems like it should be a trivial task but isn't proving to be one for me...
How should I go about pointing multiple domain names to the same GitHub Pages hosted site?
Example:
I have created an account named test on GitHub and created a repository test.github.io
I bought test.com
I configured test.com's DNS as below
I have told GitHub Pages to enforce https and look out for custom domain test.com
My site is now live on test.com and www.test.com, woohoo!
DNS Config for test.com:
A # 185.199.108.153 (github's nameserver)
A # 185.199.109.153 (github's nameserver)
A # 185.199.110.153 (github's nameserver)
A # 185.199.111.153 (github's nameserver)
CNAME # www.test.github.io (for www redirect)
I would ALSO like example.com (and a few other domains, foo.com, bar.com and foobar.com) to redirect to test.com
How do I do this?
With an apache server, this would be easy, be GitHub Pages only supports static sites.
Any ideas?
As always, thanks for any suggestions!
The ideal place to have this redirect is your DNS provider. You can redirect foo.com, bar.com, etc. or whatever you want to test.com. Alternatively, if you happen to use Cloud Flare, forwarding can easily be setup from there too.
But if you don't want to do that and insist on using Github only, refer to this answer. What you can do in this case is create another repository (other than test.github.io) with same contents and link it to another domain such as foo.com. You can use Github Actions or something to sync your changes from main repo to the others.
Of course, the only drawback of this method is that for every domain you want to link, you'll have to create an additional github repo.
I've accepted #Prahlad Yeri's answer from above, and am just leaving this here so that other's who stumble onto this question can easily figure out how to do this... As mentioned "The ideal place to have this redirect is your DNS provider"
To do this with domains purchased from domain dot com it is VERY simple, and even INSTANTANEOUS! I can imagine with GoDaddy or other providers it will be similar.
On Domain dot com's control panel:
Log into account for the domain you wish to redirect
Go to "Pointers and Subdomains" on the left sidebar
Choose either "URL Standard" or "URL Stealth" from the pointer options, then enter the desired redirect URL in the "Directory" field
Press Save and you're good to go, immediately!
URL Stealth means that your URL will remain as what the user has typed in, and URL standard means it will display the URL of the site that you've directed to. More documentation on pointers and subdomains (for domain dot com) can be found at domain.com/help/article/domain-management-how-to-update-domain-pointers

Gitlab pages: verify domain ownership

This might look like a duplicate but i can't seem to find the answer to this question on other similar threads.
I've been trying to verify my custom domain on gitlab pages but it keeps giving the 'failed to verify domain ownership' error. My DNS settings are set like this. On gitlab i've added the domain in the settings/pages tab.
When going to the domain now, it only shows a gitlab 404, which is the exact same as just entering '52.167.214.135' in the address bar. I've waited a few days for the verification.
What am i doing wrong, and how can i fix it?
(Note: The TTL of 1min is only temporary for testing purposes)
The Gitlab documentation for setting a personal domain is wrong. If you want to set to your page the www.foo.bar subdomain Gitlab give you this entries to add in your DNS file.
www.foo.bar CNAME free_zed.gitlab.io.
_gitlab-pages-verification-code.www.foo.bar TXT gitlab-pages-verification-code=776615a3e132b0f5a6638c7e26e59084
This cannot work, you had to use these entries instead : 
www CNAME free_zed.gitlab.io.
_gitlab-pages-verification-code.www TXT gitlab-pages-verification-code=776615a3e132b0f5a6638c7e26e59084
See Gitlab pages issue

GitHub Pages: setting up custom domain

I've got an organization page set up and running in GitHub and things seem to be working...but I'm a little confused. I'd like to actually understand the process since the GitHub Help article refers to taking advantage of their CDN and DoS services, so bear with me.
Step 1: Created CNAME file in repo with domain 'example.com'
Step 2: Grabbed IP from dig example.github.io +nostats +nocomments +nocmd
Step 3: Entered IP from Step 2 into the 'A' record (see image below)
I decided to stop here and see where it got me, and to my surprise it seems to have done the trick. The example.github.io domain correctly redirects to the example.com domain and displays the content from the repo.
However I was informed that after the DNS props, you can dig example.com and see the CNAME record pointing to example.github.io. I do not see this, and I dislike thinking that I didn't set things up correctly. Any thoughts/comments/tips welcome, thanks!
In order to take advantage of the CDN and DoS services provided by GitHub Pages, you'll need to set up a Subdomain (eg www.example.com or blog.example.com) instead of an Apex domain (example.com).
From the GitHub Help page you referenced:
If you are using an apex domain (example.com) instead of a subdomain
(www.example.com) and your DNS provider does not support ALIAS
records, then your only option is to use A records for your DNS. This
will not give you the benefit of our Content Delivery Network.
Here's a setup (looks like you're using GoDaddy for DNS) that would work to get your Organization Pages working as desired:
This is actually for a Project Page within an Organization, but for either one, you'll set the CNAME record for www to organization.github.io, not something like organization.github.io/project. Don't change the A record for # (mine is the default from GoDaddy).
If you want to get your Apex domain (example.com) to redirect to the new subdomain (www.example.com), then you can point your Apex to your subdomain with Domain Forwarding like this:
With that setup, you'll get to take advantage of GitHub's CDN, which you may notice is provided through fastly. Here's how my domain looks to dig:
It is also possible to use a CNAME record for an APEX domain using the free DNS service provided by CloudFlare in which case you can also use your domain without the www (or any other subdomain) and still benefit from CDN & DoS.
I've written a step-by-step guide here: Speed up your GitHub Pages website with CloudFlare
PS: Apparently using ALIAS records is a bad idea... click here to see why.
DNS records are publicly available. There's no way of masking them in this instance. From the way you describe it, you have done everything right. There is nothing that makes me thing you set this up incorrectly.

Not able to set my domain name

I am trying to map my site which is on github pages (tusharmath.github.io) to a particular domain (tusharm.com) using cloudflare name servers.
Its been more than a day and i can still not see view my website on tusharm.com
Steps followed -
Added a CNAME file with value tusharm.com in the gh-pages branch on github.
Updated name servers on CrazyDomain that were provided by CloudFlare.
tusharm.com is loading the same content as tusharmath.github.io at this time, which would lead me to believe you were able to fix things here. Did you need to make any further changes to get this working?
p.s. I work for CloudFlare.

How can I stop a github project page (or other subpage) from showing custom domain name?

I'm using GitHub pages to host my blog. I've set up a CNAME record in the repository and added an A record and CNAME record to my domain registrar (123-reg). This is working fine so now my personal page donskifarrell.github.com -> donalfarrell.com.
This also makes all my project pages map to the same new domain, eg. donskifarrell.github.com/calex -> donalfarrell.com/calex.
While this is quite nice to have, it is proving to be troublesome for one of my projects.
Is there any way to modify my setup so that certain project pages do not use my own custom domain and instead retain the github url?
Thanks
There isn't really a way to prevent the redirect from happening.
However, if it will help to have that project at a different domain or a subdomain, you can use a CNAME file in the project's gh-pages branch to override your user redirect with a project-specific one.
See more info at the bottom of: https://help.github.com/articles/user-organization-and-project-pages

Resources