Aliyun CDN Acceleration For GitHub Pages — Complete Guide

GitHub Pages servers are outside mainland China. Domestic users accessing xxx.github.io directly often experience unstable speeds and high latency. By connecting to Aliyun CDN's domestic nodes, you can significantly improve the access experience for mainland users without changing the origin.

Prerequisites

A domain of your own (required — you cannot directly connect github.io to Aliyun CDN)
A GitHub Pages repository
An Aliyun account (with real-name verification completed)
If you select mainland China as the acceleration zone: the domain must have completed ICP filing

The ICP filing is not for GitHub Pages (it cannot be filed that way) — it is for your domain. An unfiled domain can only use "Global (excluding mainland China)," which provides limited improvement for domestic access.

Domain Strategy: How To Choose Between Two Approaches

Approach A: Bind a Custom Domain in GitHub Pages (Officially Recommended)

In the repository under Settings → Pages → Custom domain, enter your domain and check Enforce HTTPS.

Result:

✅ your-domain works normally, GitHub automatically issues an HTTPS certificate
❌ xxx.github.io will be force-redirected to your domain and cannot be accessed independently

Suitable for: Only needing one access entry, not caring whether github.io remains accessible.

Approach B: DNS CNAME to `github.io`, No GitHub-side Binding

Leave the repository Pages settings blank — no custom domain, no CNAME file. Only set a DNS CNAME record pointing your domain to xxx.github.io.

Result:

✅ xxx.github.io native access is preserved, no redirect
✅ your-domain independently serves the same content
❌ GitHub will not issue an HTTPS certificate for your custom domain — the CDN layer must handle this

Suitable for: Wanting to keep two access entries, with the CDN layer handling HTTPS uniformly.

Comparison

Dimension	Approach A (GitHub domain binding)	Approach B (DNS CNAME only)
Can github.io be accessed independently	❌ Force redirect	✅ Independent coexistence
HTTPS	GitHub free certificate	Needs CDN layer
CDN compatibility	No impact	No impact
Configuration complexity	Low	Low

Both approaches work with Aliyun CDN. The only difference is whether the final DNS points to GitHub or a CDN CNAME.

CDN Configuration Steps

1. Enable the CDN Service

Search for "CDN" in the Aliyun console and enable the service. New users typically get 50GB/year of free traffic, which is more than enough for a personal blog.

2. Add an Acceleration Domain

Acceleration domain: Enter your custom domain (e.g., blog.nevergpdzy.cn)
Origin information:
- Origin type: Origin domain
- Origin address: nevergpdzy.github.io
- Port: 443 (GitHub Pages enforces HTTPS)
Acceleration zone:
- Filed: Mainland China
- Not filed: Global (excluding mainland China)

3. Configure the Origin Host (Critical)

Go to CDN domain management → Origin configuration → Origin Host: Select Origin domain.

What this step does: When the CDN pulls from github.io, the Host request header stays as nevergpdzy.github.io rather than your custom domain.

GitHub Pages needs the Host header to locate the specific user's site (the same server group hosts countless xxx.github.io instances), so the origin Host must correctly point to your GitHub Pages address. Beyond that, GitHub has no additional Host blocklist or blocking logic — as long as the Host points to a real Pages site, origin pulling works normally. This is fundamentally different from the multi-layer Host blocking used by sites like Baidu.

4. Configure HTTPS

In the CDN console, configure an SSL certificate for your domain:

Aliyun free DV certificate (apply from the SSL certificate console)
Or Let's Encrypt / other certificate sources

Enable Force HTTPS (automatic HTTP → HTTPS redirect).

5. DNS Resolution (Final Step)

After successfully adding the domain to CDN, a CNAME address is generated (something like xxx.aliyuncdn.com).

Go to your domain's DNS management panel and add a record:

Host record: blog (or your subdomain prefix)
Record type: CNAME
Record value: Paste the CNAME address provided by CDN

Wait for resolution to take effect (usually a few minutes to tens of minutes).

6. Verify

Visit your custom domain in a browser to confirm HTTPS works and the page loads normally
Check response headers for CDN-related identifiers
Test access speed from different network environments

Final Chain

User
  ↓
Your domain (DNS resolves to Aliyun CDN CNAME)
  ↓
Aliyun CDN edge node (returns cached content if available)
  ↓ (cache miss, origin pull)
nevergpdzy.github.io:443 (GitHub Pages)
  ↓
Return content, CDN caches per rules

Day-to-Day Maintenance

After content updates, refresh the cache in the CDN console (or set reasonable cache expiration rules)
Monitor traffic usage; beyond the free tier, billing is pay-as-you-go
If GitHub Pages IP addresses change (rare), no action is usually needed because the origin address is a domain, not an IP

Common Questions

Why Can You Put CDN In Front of GitHub Pages but Not Baidu?

GitHub Pages: The Host header is only used for routing to a specific user's site. There are no additional Host blocklists, IP risk controls, or hotlink-blocking intercepts. As long as the origin Host points to a valid Pages address, origin pulling works normally.

Baidu / Bilibili / Taobao and other major platforms: Multi-layer protection (Host allowlist + IP blocklist + TLS fingerprinting + global risk control). CDN node IP pools are already flagged as "datacenter/proxy." Even if the origin Host is correct, you still get 403.

In short: Getting the origin Host right only solves the first layer of routing. Major commercial sites have dozens more layers of protection waiting for you.

What Is the Difference Between Direct CNAME to `github.io` and CDN Reverse Proxy?

DNS CNAME only: Only changes the IP that DNS points to. The Host header in HTTP requests is still your domain. The target server sees an unfamiliar Host and returns an error.
CDN reverse proxy: The CDN can rewrite the Host header to the target domain when forwarding, bypassing the Host check.

This is also why a direct CNAME to Baidu does not work but a CNAME to GitHub Pages does — Baidu blocks unfamiliar Host headers, while GitHub Pages only routes and does not block.

Can ICP Filing Expire?

The ICP filing number itself has no fixed expiration date, but the information must remain accurate, contact details must be valid, and the hosting relationship must be current. Domain expiration, unreported changes to the filing entity, or failing to complete transfer filing after migrating to a new provider can all cause the filing to become invalid.

Prerequisites​

Domain Strategy: How To Choose Between Two Approaches​

Approach A: Bind a Custom Domain in GitHub Pages (Officially Recommended)​

Approach B: DNS CNAME to github.io, No GitHub-side Binding​

Comparison​

CDN Configuration Steps​

1. Enable the CDN Service​

2. Add an Acceleration Domain​

3. Configure the Origin Host (Critical)​

4. Configure HTTPS​

5. DNS Resolution (Final Step)​

6. Verify​

Final Chain​

Day-to-Day Maintenance​

Common Questions​

Why Can You Put CDN In Front of GitHub Pages but Not Baidu?​

What Is the Difference Between Direct CNAME to github.io and CDN Reverse Proxy?​

Can ICP Filing Expire?​

What To Read Next​