The previous blog shows you how to setup a blog with hexo and github pages. Here we are going to make it further.
- Setup custom domain name for your blog
- Setup cloudflare for content caching and https support
- Setup apex domain name and a
- Setup cloudflare dns records with flattening CNAME record
- Configure cloudflare
- flexible/full ssl
- Your deployed github pages. I setup my page at vmlinz.github.io with instructions from my previous blog post.
- Your custom domain name from a domain name vendor. I bought a domain name from name.com: zaicheng.me.
- A cloudflare account, free or paid. I created an account for cloudflare.
- Use my custom apex domain name zaicheng.me to point to my github blog.
- Redirect www.zaicheng.me to zaicheng.me
- Redirect vmlinz.github.io to zaicheng.me
- Use cloudflare to cache contents from zaicheng.me using the tricks of cloudflare
- Turn on hsts to make sure any insecure link will be redirected to the ssl secured one
- new a file named CNAME under hexo source dir, and put zaicheng.me into it. Then if you have both dns record of zaicheng.me and www.zaicheng.me, github will redirect www.zaicheng.me to zaicheng.me
- add a CNAME record of
zaicheng.me, vmlinz.github.io, NOTE: this is not an effective CNAME record by the dns spec, but cloudflare recognize it.
Let’s set up cloudflare to cache the content and turn on hsts for the site.
- Follow the guide to scan the original dns records.
- Migrate the dns servers from the domain name register panel to the cloudflare ones to get it work.
- Set up dns to add a record of flattening CNAME, which means to point zaicheng.me to vmlinz.github.io. NOTE: this is a cloudflare specific dns function which breaks the limits of dns spec.
- Setup the crypto to turn on full ssl
- Turn on HSTS under crypto, turn on
- Turn on ipv6 compatibility
- cloudflare will provision your ssl cert after about 24 hours
- flattening CNAME for apex domain is not supported by all the dns servers
- full ssl will only work when I use flattening CNAME, if I add a dns A record of
zaicheng.mepointing to the github ips(184.108.40.206,220.127.116.11), then I cannot use full ssl.