我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们

使用 HTTPS 保护 GitHub Pages 站点

HTTPS 增加一层加密,用于防止其他人窥探或篡改您的站点的流量。 您可对 GitHub Pages 站点强制实施 HTTPS,从而将所有 HTTP 请求透明地重定向到 HTTPS。

GitHub Pages 可用于具有 GitHub Free 的公共仓库,以及具有 GitHub Pro、GitHub Team、GitHub Enterprise Cloud 和 GitHub Enterprise Server 的公共和私有仓库。更多信息请参阅“GitHub 的产品。”

People with admin permissions for a repository can enforce HTTPS for a GitHub Pages site.

本文内容

About HTTPS and GitHub Pages

所有 GitHub Pages 站点(包括使用自定义域正确配置的站点)均支持 HTTPS 和 HTTPS 强制实施。 For more information about custom domains, see "About custom domains and GitHub Pages" and "Troubleshooting custom domains and GitHub Pages."

对于使用 2016 年 1 月 15 日后创建的 github.io 域的 GitHub Pages 站点,需要强制实施 HTTPS。 If you created your site before June 15, 2016, you can manually enable HTTPS enforcement.

GitHub Pages 站点不应该用于敏感事务,例如发送密码或信用卡号码。

警告:GitHub Pages 站点在互联网上向公众开放,即使其仓库是私有的。如果您的页面仓库中有敏感数据,可能需要在发布之前将其删除。

对您的 GitHub Pages 站点强制实施 HTTPS

  1. On GitHub, navigate to your site's repository.

  2. 在仓库名称下,单击 Settings(设置)

    仓库设置按钮

  3. Under "GitHub Pages," select Enforce HTTPS.

    强制实施 HTTPS 复选框

解决具有混合内容的问题

If you enable HTTPS for your GitHub Pages site but your site's HTML still references images, CSS, or JavaScript over HTTP, then your site is serving mixed content. Serving mixed content may make your site less secure and cause trouble loading assets.

To remove your site's mixed content, make sure all your assets are served over HTTPS by changing http:// to https:// in your site's HTML.

Assets are commonly found in the following locations:

  • If your site uses Jekyll, your HTML files will probably be found in the _layouts folder.
  • CSS is usually found in the <head> section of your HTML file.
  • JavaScript is usually found in the <head> section or just before the closing </body> tag.
  • Images are often found in the <body> section.

Tip: If you can't find your assets in your site's source files, try searching your site's source files for http in your text editor or on GitHub.

Examples of assets referenced in an HTML file

前端资源类型 HTTP HTTPS
CSS <link rel="stylesheet" href="http://example.com/css/main.css"> <link rel="stylesheet" href="https://example.com/css/main.css">
JavaScript <script type="text/javascript" src="http://example.com/js/main.js"></script> <script type="text/javascript" src="https://example.com/js/main.js"></script>
图像 <A HREF="http://www.somesite.com"><IMG SRC="http://www.example.com/logo.jpg" alt="Logo"></a> <A HREF="https://www.somesite.com"><IMG SRC="https://www.example.com/logo.jpg" alt="Logo"></a>

问问别人

找不到要找的内容?

联系我们