Skip to main content

验证 GitHub Pages 的自定义域

您可以通过验证您的域来提高自定义域的安全性并避免接管攻击。

谁可以使用此功能?

GitHub Pages 适用于具有 GitHub Free 和组织的 GitHub Free 的公共存储库,以及具有 GitHub Pro、GitHub Team、GitHub Enterprise Cloud 和 GitHub Enterprise Server 的公共和专用存储库。 有关详细信息,请参阅“GitHub 的计划”。

GitHub Pages 现在使用 GitHub Actions 来执行 Jekyll 构建。 使用分支作为构建源时,如果要使用内置的 Jekyll 工作流,则必须在存储库中启用 GitHub Actions。 或者,如果 GitHub Actions 不可用或已禁用,则将 .nojekyll 文件添加到源分支的根目录将绕过 Jekyll 构建过程并直接部署内容。 有关 GitHub Actions 运行器的详细信息,请参阅“管理存储库的 GitHub Actions 设置”。

About domain verification for GitHub Pages

When you verify a custom domain for your personal account, only repositories owned by your personal account may be used to publish a GitHub Pages site to the verified custom domain or the domain's immediate subdomains. Similarly, when you verify a custom domain for your organization, only repositories owned by that organization may be used to publish a GitHub Pages site to the verified custom domain or the domain's immediate subdomains.

Verifying your domain stops other GitHub users from taking over your custom domain and using it to publish their own GitHub Pages site. Domain takeovers can happen when you delete your repository, when your billing plan is downgraded, or after any other change which unlinks the custom domain or disables GitHub Pages while the domain remains configured for GitHub Pages and is not verified.

When you verify a domain, any immediate subdomains are also included in the verification. For example, if the github.com custom domain is verified, docs.github.com, support.github.com, and any other immediate subdomains will also be protected from takeovers.

Warning: We strongly recommend that you do not use wildcard DNS records, such as *.example.com. These records put you at an immediate risk of domain takeovers, even if you verify the domain. For example, if you verify example.com this prevents someone from using a.example.com but they could still take over b.a.example.com (which is covered by the wildcard DNS record). For more information, see "Verifying your custom domain for GitHub Pages."

It's also possible to verify a domain for your organization or enterprise, which displays a "Verified" badge on the organization or enterprise profile and, on GitHub Enterprise Cloud, allows you to restrict notifications to email addresses using the verified domain. For more information, see "Verifying or approving a domain for your organization" and "Verifying or approving a domain for your enterprise."

Verifying a domain that is already taken

You may be verifying a domain you own, which is currently in use by another user or organization, to make it available for your GitHub Pages website. In this case, the domain will be immediately released from GitHub Pages websites which are owned by other users or organizations. If you are attempting to verify an already verified domain (verified by another user or organization), the release process will not be successful.

Verifying a domain for your user site

  1. In the upper-right corner of any page on GitHub, click your profile photo, then click Settings.

  2. In the "Code, planning, and automation" section of the sidebar, click Pages.

  3. On the right, click Add a domain.

  4. Under "What domain would you like to add?," enter the domain you wish to verify and select Add domain.

    Screenshot of a text box to add a verified domain on GitHub Pages, filled in with "example.com." Below the text is a green button labeled "Add domain."

  5. Follow the instructions under "Add a DNS TXT record" to create the TXT record with your domain hosting service.

    Screenshot of GitHub Pages instructions to add a TXT record to the DNS configuration of example.com.

  6. Wait for your DNS configuration to change, this may be immediate or take up to 24 hours. You can confirm the change to your DNS configuration by running the dig command on the command line. In the command below, replace USERNAME with your username and example.com with the domain you're verifying. If your DNS configuration has updated, you should see your new TXT record in the output.

    dig _github-pages-challenge-USERNAME.example.com +nostats +nocomments +nocmd TXT
    
  7. After confirming that your DNS configuration has updated, you can verify the domain. If the change wasn't immediate, and you have navigated away from the previous page, return to your Pages settings by following the first few steps and, to the right of the domain, click and then click Continue verifying.

    Screenshot of GitHub Pages settings showing verified domains. Under the horizontal kebab icon to the right, the "Continue verifying" dropdown option is outlined in dark orange.

  8. To verify your domain, click Verify.

  9. To make sure your custom domain remains verified, keep the TXT record in your domain's DNS configuration.

Verifying a domain for your organization site

Organization owners can verify custom domains for their organization.

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.

  2. Next to the organization, click Settings.

  3. In the "Code, planning, and automation" section of the sidebar, click Pages.

  4. On the right, click Add a domain.

  5. Under "What domain would you like to add?," enter the domain you wish to verify and select Add domain.

    Screenshot of a text box to add a verified domain on GitHub Pages, filled in with "example.com." Below the text is a green button labeled "Add domain."

  6. Follow the instructions under "Add a DNS TXT record" to create the TXT record with your domain hosting service.

    Screenshot of GitHub Pages instructions to add a TXT record to the DNS configuration of example.com.

  7. Wait for your DNS configuration to change. This may be immediate or take up to 24 hours. You can confirm the change to your DNS configuration by running the dig command on the command line. In the command below, replace ORGANIZATION with the name of your organization and example.com with the domain you're verifying. If your DNS configuration has updated, you should see your new TXT record in the output.

    dig _github-pages-challenge-ORGANIZATION.example.com +nostats +nocomments +nocmd TXT
    
  8. After confirming that your DNS configuration has updated, you can verify the domain. If the change wasn't immediate, and you have navigated away from the previous page, return to your Pages settings by following the first few steps and, to the right of the domain, click and then click Continue verifying.

    Screenshot of GitHub Pages settings showing verified domains. Under the horizontal kebab icon to the right, the "Continue verifying" dropdown option is outlined in dark orange.

  9. To verify your domain, click Verify.

  10. To make sure your custom domain remains verified, keep the TXT record in your domain's DNS configuration.