LovelyWei's 废纸篓

A Noob.
(交换友链希望.

LovelyWei's avatar LovelyWei

为Hexo博客配置上HTTPS

9012年了,Chrome纷纷给各种HTTP网站打上不安全,由于我用了自定义域名,所以并没有小绿锁,为了”安全”一点,把博客也加上小绿锁好了

为博客添加HTTPS

方案一 Github Page 自带的证书

在去年六月,Github宣布支持自定义域的HTTPS了,下面来讲讲如何配置

首先到的域名提供商处修改的记录

Github称,如果需要为自定义域加上HTTPS,域名需要设置为A记录并指向下面几个地址其中一个 (不要问我为什么)

185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153


类似这样 (我其实设置的是@ 帮我显示成了域名)

如果域名设置为CNAME的话,证书到期了无法自动续签 (没错 Github使用的是Let’s Encrypt的证书)

网上搜索了相关案例,这是案例中客服的回复

Hello,
Thanks for writing in! I took a look and it appears that your custom domain is set up using a CNAME record. You’ll need to make some changes to your DNS settings before we’ll be able to renew the HTTPS certificate for your custom domain.
You’ll need to remove your existing CNAME record, and replace it with at least one A record that points to one of the following IP addresses:
185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153
Optionally, you can create additional A records that point to the other IP addresses from the list. Additional records essentially act as a backup in case of DNS or CDN issues, so having at least two is best practice, though your site will still function with just one.
Once you’ve replaced the CNAME record, you’ll need to visit your repository’s settings page, remove your custom domain and click save, then re-add it again. This will kick off the process of provisioning an HTTPS certificate for your domain name.
Once your certificate has been provisioned, you’ll then be able to enforce HTTPS by checking the “Enforce HTTPS” checkbox.
Bear in mind that it can take up for 24 hours for DNS changes to take full effect, and up to an hour for an HTTPS certificate to be requested, so if you follow these steps but are still having trouble, that’s usually why.
Cheers,
Steven

然后设置的CNAME文件

将CNAME文件放在网站的根目录(也就是Github Page 仓库的根目录中),配合设置域名的DNS解析,可以达到使用你自己的域名访问到博客的效果. (而不是 xxx.github.io)

这里讲Hexo博客设置CNAME文件时的一些坑

当我生成完文件,然后把CNAME丢入public,然后上传到GitHub仓库,嗯,设置好了

可是问题来了,我每次生成CNAME文件都会不见,消失

后面发现Hexo source文件夹中自己写入的内容都会原封不动的复制到public

于是source文件夹中添加一个CNAME文件,在文件中写入你配置的好的域就好了

注意:不是CNAME.txt,CNAME文件中只能有一个自定义域

(当然,不一定需要在根域,看个人喜好)

设置Github仓库

打开网页Github仓库,点击Settings,向下拉,会发现Github Page的相关设定

Custom domain中填入刚刚在CNAME填写的域名提交,约要十几分钟后,使用HTTPS协议访问的域名,就看到小绿锁了

方案二 使用cloudflare的代理实现HTTPS

不推荐,以后再写

This blog is under a CC BY-NC-SA 3.0 Unported License
Link to this article: https://hex.moe/p/f17d42de/