Website security seems increasingly important these days, and some users now hesitate to visit a webpage without a trusted cert. Traditionally, to run such a site the owner needs to take care of a Domain Name, Server Hosting and SSL certs, and the cost of all that is way too high for a non-profit personal blog. Is it possible to get them all in one for FREE?

The answer is yes! Let me show you how to get them quickly.

Get Free Domain Name

There are multiple providers on the market offering free Domain Name services. Since you always get what you pay for, a free domain may not be suitable for important services such as shopping. But if it’s just for a personal blog, I think it’s good enough; at least users won’t see my ugly gitlab/github.io name anymore.

The provider I’m using is called Freenom. They provide redirect services, and let you customize DNS records or delegate requests to external NS servers.

Log onto their webpage and create a new free Domain Name; this automatically creates your new account as well. Because we’ll be using Cloudflare to provide free SSL and would like it to fully control the entire domain, at least for now we don’t need any of Freenom’s NS servers serving us. The Cloudflare NS are chloe.ns.cloudflare.com and coby.ns.cloudflare.com.

Create GitLab/GitHub Page

Please refer to their official guides on how to create them.
GitLab Guide
GitHub Guide

Redirect NS

In GitLab, go to your project, open Settings -> Pages and create a new Domain. Here we’d like to force users to always access our https site, so we need to add the PEM cert and key, which can be acquired from Cloudflare Crypto. We also need one extra intermediate cert to trust Cloudflare.

The remaining steps are done on the Cloudflare side: we need to add a TXT record to help GitLab verify our ownership, and the domain records too:

  1. If the domain has multiple uses (e.g., you host email on it as well):

    From          DNS Record    To
    domain.com    A             35.185.44.232
    domain.com    TXT           gitlab-pages-verification-code=fdsfsdsdsdfds(autogen)

    You are good to go if you only want your entire site to be resolved as namespace.gitlab.io.

    Notes:

    • Do not use a CNAME record if you want to point your domain.com to your GitLab Pages site. Use an A record instead.
    • Do not add any special chars after the default Pages domain. E.g., do not point your subdomain.domain.com to namespace.gitlab.io. or namespace.gitlab.io/.
    • The GitLab Pages IP on GitLab.com was changed from 52.167.214.135 to 35.185.44.232 in 2018.
  2. It’s up to you whether to create a CNAME record for www. I did it simply because Cloudflare complains if it can’t see a www record.

  3. Change all relevant elements on your page to use the new Domain Name, and move http to https.

  4. Let DNS load and wait about 15 mins, then go check out your website. You should see the new Cloudflare certs on your page and everything should work properly.

Note: The A record tells Cloudflare to direct requests for free.ga to the GitLab Pages IP, and the added TXT record helps identify which page it is inside the GitLab Pages database. However, this can’t be combined with an existing GitLab page: e.g., if we already have a page at namespace.gitlab.io, then we can’t reuse it for another site under it, such as namespace.gitlab.io/wangsfarm. Doing so confuses GitLab, which keeps redirecting traffic between the two pages.
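
The record rules from the notes above can be checked before the records are saved. This is an added example, not code from the original post or from GitLab or Cloudflare; the function names, the `name TYPE value` input format, example.com and the verification code are assumptions made for illustration.

```python
GITLAB_PAGES_IP = "35.185.44.232"   # GitLab.com Pages IP given on this page
OLD_PAGES_IP = "52.167.214.135"     # replaced in 2018, per the notes above
TXT_PREFIX = "gitlab-pages-verification-code="

def parse_records(text):
    """Parse 'name TYPE value' lines; '#' comments and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, rtype, value = line.split(None, 2)
            records.append((name.lower().rstrip("."), rtype.upper(), value.strip('"')))
    return records

def check_plan(domain, records):
    """Return a list of problems; an empty list means the plan follows the notes."""
    problems = []
    apex = [(t, v) for n, t, v in records if n == domain]
    if any(t == "CNAME" for t, _ in apex):
        problems.append("apex has a CNAME; use an A record instead")
    a_values = [v for t, v in apex if t == "A"]
    if OLD_PAGES_IP in a_values:
        problems.append("A record points at the retired Pages IP " + OLD_PAGES_IP)
    if GITLAB_PAGES_IP not in a_values:
        problems.append("no A record for " + GITLAB_PAGES_IP)
    if not any(t == "TXT" and v.startswith(TXT_PREFIX) and len(v) > len(TXT_PREFIX)
               for t, v in apex):
        problems.append("missing " + TXT_PREFIX + "<code> TXT record")
    for name, rtype, value in records:
        if rtype == "CNAME" and value.endswith((".", "/")):
            problems.append(name + ": CNAME target has a trailing '.' or '/'")
    return problems

# Constructed sample plans; example.com and the verification code are placeholders.
GOOD_PLAN = """
example.com      A      35.185.44.232
example.com      TXT    "gitlab-pages-verification-code=0000placeholder0000"
www.example.com  CNAME  example.com
"""
BAD_PLAN = """
example.com      A      52.167.214.135   # old Pages IP
www.example.com  CNAME  namespace.gitlab.io/
"""

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan("example.com", parse_records(plan)))
```
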