The story part
I had been thinking about registering a domain for a custom email address. I was looking for an easy to remember name that would look professionnal without necessarily going for a common TLD such as .com. .ca, etc. Having a Google account and knowing thy offer a registrar service, I had a look. That’s how I came across the .dev TLD.
Marketing dept’s doing its job well so I clicked that attractive button. If you want to serve a website through this domain, you’ll need an SSL certificate. No worries there, plus it’s a cool name, it’s affordable and it will require that I setup HTTPS when I’m ready for a website (and also requires visitors to use a secure protocol).
I had come across a site hosted on Github for the first time a few years back and figured it was automatically generated from .md files within the repo. I tought Github Pages would be an interesting option when I’d want a small website to show off my repos.
So I’m doing this presentation for a cloud computing course and while presenting Github’s features, I was showing how you could use it to showcase your skills to potential employers and link it on your CV. Someone throws “Why isn’t yours on Github then?”
How to
keep your sanity when dealing with Google Domains
If you enjoy a cleansed browsing experience though the use of extensions/plug-ins, some of Google Domains' features may seem broken. The cases I experienced were:
- DNS A Record not accepting all the IP adresses and reverting to the first line only, even after using the + sign on creation, using the edit button and then the + sign to add more failed, deleting the record and waiting for the TTL to expire didn’t change anything either.
- CNAME always fell back to mydomain.dev instead of user.github.io even after trying the common troubleshooting listed previously.
Use private browsing or incognito mode
I know it doesn’t make sense as a solution to apparent DNS issues but it worked for me.
Procedure
You will need:
- A Github account
- A registered domain
- if your domain is not “More Secure”, you can still follow these instructions.
The Github Pages docs make you create a repo like user.github.io
but you can activate Github Pages in any repo through the Settings menu. However, Github can only have one custom entry per repo, either Apex or subdomain but not both. So you cant have www.domain.xxx and domain.xxx redirect to the same repo. There are inelegant workaround methods but I won’t deal with that here. Just choose how you think is best. I decided to go with the Apex domain and use subdomains for specific repos, like this one.
Want to use the Apex? Just create an A RECORD in Google Domains DNS with the IP adresses listed here.
Want to use a subdomain instead? Create a CNAME file (steps 1 2 3, use full sub.domain.xxx) in your repo and go to Google Domains DNS and add a CNAME entry sub that directs to user.github.io
.
Once your done with the Google Domains part, go back to your repo’s Settings and wait patiently until the error message next to the Enforce HTTP checkbox goes away. DNS propagation can take a while, you might see a change in minutes but it could also take hours. Github Pages automatically generates free certificates through Let’s Encrypt. If you pay attention to the Settings page you might even see a progress bar when the certificate is generated. When everything is ready you should see “Your site is now published at https://….”
Sécurity
The main benefit of .dev
domains, on top being really really really ridiculously good looking, is that it commes out of the box with HSTS pre-loading enabled. This makes sure all connections to your site are secure. If you want to enable HSTS on a domain you own, just follow these instructions. If you think it’s a bit much to have HTTPS + HSTS enabled for a simple blog, it’s 2020 and I don’t have a valid reason not to make my trafic secure by default.
Conclusion
Mon CV is now on Github but I haven’t set up my custom email yet…
A big thank you goes out to Chase Sawyer for helping me while troubleshooting Google DNS and confirming the instructions worked on his side. Because of this I was either crazy or some kind of Google dark arts was happening. I tested the second hypothesis by using Chrome’s incognito mode and everything behaved as expected.