It’s official, cypher.codes is now served over HTTPS!
Since Github pages doesn’t support serving sites with custom domains over HTTPS, I naïvely didn’t think it was possible. But some carefully crafted search queries surfaced a Cloudflare tutorial to do just that.
This website is now encrypted between the user (you) and Cloudflare, and between Cloudflare and Github. I trust both these companies so I’m pretty pleased with this setup.
The whole migration (if you can call it that), including setting up a free Cloudflare account, changing domain nameservers and setting up the correct page rules, took less than an hour. And that included a phaff where I changed nameservers for cypher.cool mistake. I highly recommend every Github Pages user follows the steps in the link above.
Interestingly, I think(?) the certificate Cloudflare provides to cypher.codes visitors is shared with other other fun domains. (One of them an online casino, another a Russian porno torrent service).
Domains for which my Cloudflare certificate is valid
A nice added benefit is that Cloudflare automatically minifies your text assets (JS, CSS and HTML) and caches your content at it’s edge nodes (after all, they are a CDN) so you can expect the website to be smaller and quicker! Also, if someone tries to DDOS me, I should be better off.
In other news, I should win the award for the most verbose blog post title, right?
Update (May 6, 2018): As of May 1, 2018, GitHub pages supports HTTPS for custom domains! Today, I migrated cypher.codes off of Cloudflare’s HTTPS certificates and onto GitHub’s Let’s Encrypt HTTPS certificates. This migrate included a couple of minutes of
However, I’m still using Cloudflare for other security-related features (like DNSSEC)!