验证 GitHub Pages 的自定义域

您可以通过验证您的域来提高自定义域的安全性并避免接管攻击。

谁可以使用此功能?

GitHub Pages 适用于具有 GitHub Free 和组织的 GitHub Free 的公共存储库,以及具有 GitHub Pro、GitHub Team、GitHub Enterprise Cloud 和 GitHub Enterprise Server 的公共和专用存储库。 有关详细信息,请参阅 GitHub 的计划

GitHub Pages 现在使用 GitHub Actions 来执行 Jekyll 构建。 使用分支作为构建源时,如果要使用内置的 Jekyll 工作流,则必须在存储库中启用 GitHub Actions。 或者,如果 GitHub Actions 不可用或已禁用,则将 .nojekyll 文件添加到源分支的根目录将绕过 Jekyll 构建过程并直接部署内容。 有关启用 GitHub Actions 的详细信息,请参阅“管理存储库的 GitHub Actions 设置”。

本文内容

About domain verification for GitHub Pages

When you verify a custom domain for your personal account, only repositories owned by your personal account may be used to publish a GitHub Pages site to the verified custom domain or the domain's immediate subdomains. Similarly, when you verify a custom domain for your organization, only repositories owned by that organization may be used to publish a GitHub Pages site to the verified custom domain or the domain's immediate subdomains.

Verifying your domain stops other GitHub users from taking over your custom domain and using it to publish their own GitHub Pages site. Domain takeovers can happen when you delete your repository, when your billing plan is downgraded, or after any other change which unlinks the custom domain or disables GitHub Pages while the domain remains configured for GitHub Pages and is not verified.

When you verify a domain, any immediate subdomains are also included in the verification. For example, if the github.com custom domain is verified, docs.github.com, support.github.com, and any other immediate subdomains will also be protected from takeovers.

警告

We strongly recommend that you do not use wildcard DNS records, such as *.example.com. These records put you at an immediate risk of domain takeovers, even if you verify the domain. For example, if you verify example.com this prevents someone from using a.example.com but they could still take over b.a.example.com (which is covered by the wildcard DNS record).

It's also possible to verify a domain for your organization, which displays a "Verified" badge on the organization profile. For more information, see Verifying or approving a domain for your organization.

Verifying a domain that is already taken

You may be verifying a domain you own, which is currently in use by another user or organization, to make it available for your GitHub Pages website. In this case, the domain will be immediately released from GitHub Pages websites which are owned by other users or organizations. If you are attempting to verify an already verified domain (verified by another user or organization), the release process will not be successful.

Verifying a domain for your user site

注意

If you don’t see the options described below, make sure you’re in your Profile settings, not your repository settings. Domain verification happens at the profile level.

  1. In the upper-right corner of any page on GitHub, click your profile picture, then click Settings.

  2. In the "Code, planning, and automation" section of the sidebar, click Pages.

  3. On the right, click Add a domain.

  4. Under "What domain would you like to add?," enter the domain you wish to verify and select Add domain.

    Screenshot of the field to add a verified domain for your GitHub Pages site. A green "Add domain" button is shown below the field.

  5. Follow the instructions under "Add a DNS TXT record" to create the TXT record with your domain hosting service.

    Screenshot of GitHub Pages instructions to add a TXT record to the DNS configuration of example.com.

  6. Wait for your DNS configuration to change, this may be immediate or take up to 24 hours. You can confirm the change to your DNS configuration by running the dig command on the command line. In the command below, replace USERNAME with your username and example.com with the domain you're verifying. If your DNS configuration has updated, you should see your new TXT record in the output.

    dig _github-pages-challenge-USERNAME.example.com +nostats +nocomments +nocmd TXT

  7. After confirming that your DNS configuration has updated, you can verify the domain. If the change wasn't immediate, and you have navigated away from the previous page, return to your Pages settings by following the first few steps and, to the right of the domain, click and then click Continue verifying.

    Screenshot of "Verified domains" settings. Under the horizontal kebab icon to the right, the "Continue verifying" option is outlined in orange.

  8. To verify your domain, click Verify.

  9. To make sure your custom domain remains verified, keep the TXT record in your domain's DNS configuration.

Verifying a domain for your organization site

Organization owners can verify custom domains for their organization.

注意

If you don’t see the options described below, check that you’re in your Organization settings. Domain verification doesn’t take place in repository settings.

  1. In the upper-right corner of GitHub, click your profile picture, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the "Code, planning, and automation" section of the sidebar, click Pages.

  4. On the right, click Add a domain.

  5. Under "What domain would you like to add?," enter the domain you wish to verify and select Add domain.

    Screenshot of the field to add a verified domain for your GitHub Pages site. A green "Add domain" button is shown below the field.

  6. Follow the instructions under "Add a DNS TXT record" to create the TXT record with your domain hosting service.

    Screenshot of GitHub Pages instructions to add a TXT record to the DNS configuration of example.com.

  7. Wait for your DNS configuration to change. This may be immediate or take up to 24 hours. You can confirm the change to your DNS configuration by running the dig command on the command line. In the command below, replace ORGANIZATION with the name of your organization and example.com with the domain you're verifying. If your DNS configuration has updated, you should see your new TXT record in the output.

    dig _github-pages-challenge-ORGANIZATION.example.com +nostats +nocomments +nocmd TXT

  8. After confirming that your DNS configuration has updated, you can verify the domain. If the change wasn't immediate, and you have navigated away from the previous page, return to your Pages settings by following the first few steps and, to the right of the domain, click and then click Continue verifying.

    Screenshot of "Verified domains" settings. Under the horizontal kebab icon to the right, the "Continue verifying" option is outlined in orange.

  9. To verify your domain, click Verify.

  10. To make sure your custom domain remains verified, keep the TXT record in your domain's DNS configuration.