Skip to content

feat(aps): remove public ip #4954

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
May 13, 2025
Merged

feat(aps): remove public ip #4954

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
adb5d84
feat(aps): remove public ip
bene2k1 May 13, 2025
44d69fe
docs(aps): fix typo
bene2k1 May 13, 2025
720836c
docs(aps): update formatting
bene2k1 May 13, 2025
c8d864e
fix(aps): fix typo
bene2k1 May 13, 2025
72e8c91
docs(aps): fix
bene2k1 May 13, 2025
d55b15f
fix(aps): fix wording
bene2k1 May 13, 2025
843e7e5
Apply suggestions from code review
bene2k1 May 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
192 changes: 98 additions & 94 deletions menu/navigation.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1055,6 +1055,10 @@
"label": "Use Private Networks",
"slug": "use-private-networks"
},
{
"label": "Remove the public IP address",
"slug": "remove-public-ip"
},
{
"label": "Install a package manager",
"slug": "install-package-manager-mac-mini"
Expand Down Expand Up @@ -4402,111 +4406,111 @@
"slug": "queues"
},
{
"items": [
{
"label": "Overview",
"slug": "../topics-and-events"
},
{
"label": "Concepts",
"slug": "concepts"
},
{
"label": "Quickstart",
"slug": "quickstart"
},
{
"label": "FAQ",
"slug": "faq"
},
{
"items": [
{
"label": "Create credentials",
"slug": "create-credentials"
},
{
"label": "Manage credentials",
"slug": "manage-credentials"
},
{
"label": "Create and manage topics",
"slug": "create-manage-topics"
},
{
"label": "Create and manage subscriptions",
"slug": "create-manage-subscriptions"
},
{
"label": "Monitor Topics and Events with Cockpit",
"slug": "monitor-topics-cockpit"
}
],
"label": "How to",
"slug": "how-to"
},
{
"items": [
{
"label": "Topics and Events API Reference",
"slug": "https://www.scaleway.com/en/developers/api/messaging-and-queuing/sns-api/"
},
{
"label": "Connecting Topics and Events to the AWS-CLI",
"slug": "connect-aws-cli"
},
{
"label": "Using Topics and Events with the AWS-CLI",
"slug": "topics-events-aws-cli"
},
{
"label": "Using Go, Python or Node.js with Topics and Events",
"slug": "python-node-topics-events"
}
],
"label": "API/CLI",
"slug": "api-cli"
},
{
"items": [
{
"label": "Topics and Events overview",
"slug": "topics-and-events-overview"
},
{
"label": "Topics and Events - supported actions",
"slug": "topics-and-events-support"
},
{
"label": "Limitations",
"slug": "limitations"
}
],
"label": "Additional Content",
"slug": "reference-content"
}
],
"label": "Topics and Events",
"slug": "topics-and-events"
"items": [
{
"label": "Overview",
"slug": "../topics-and-events"
},
{
"label": "Concepts",
"slug": "concepts"
},
{
"label": "Quickstart",
"slug": "quickstart"
},
{
"label": "FAQ",
"slug": "faq"
},
{
"items": [
{
"label": "Overview",
"slug": "../serverless-sql-databases"
"label": "Create credentials",
"slug": "create-credentials"
},
{
"label": "Manage credentials",
"slug": "manage-credentials"
},
{
"label": "Create and manage topics",
"slug": "create-manage-topics"
},
{
"label": "Create and manage subscriptions",
"slug": "create-manage-subscriptions"
},
{
"label": "Monitor Topics and Events with Cockpit",
"slug": "monitor-topics-cockpit"
}
],
"label": "How to",
"slug": "how-to"
},
{
"items": [
{
"label": "Topics and Events API Reference",
"slug": "https://www.scaleway.com/en/developers/api/messaging-and-queuing/sns-api/"
},
{
"label": "Concepts",
"slug": "concepts"
"label": "Connecting Topics and Events to the AWS-CLI",
"slug": "connect-aws-cli"
},
{
"label": "Quickstart",
"slug": "quickstart"
"label": "Using Topics and Events with the AWS-CLI",
"slug": "topics-events-aws-cli"
},
{
"label": "FAQ",
"slug": "faq"
"label": "Using Go, Python or Node.js with Topics and Events",
"slug": "python-node-topics-events"
}
],
"label": "API/CLI",
"slug": "api-cli"
},
{
"items": [
{
"label": "Topics and Events overview",
"slug": "topics-and-events-overview"
},
{
"label": "Topics and Events - supported actions",
"slug": "topics-and-events-support"
},
{
"label": "Limitations",
"slug": "limitations"
}
],
"label": "Additional Content",
"slug": "reference-content"
}
],
"label": "Topics and Events",
"slug": "topics-and-events"
},
{
"items": [
{
"label": "Overview",
"slug": "../serverless-sql-databases"
},
{
"label": "Concepts",
"slug": "concepts"
},
{
"label": "Quickstart",
"slug": "quickstart"
},
{
"label": "FAQ",
"slug": "faq"
},
{
"items": [
{
Expand Down
72 changes: 72 additions & 0 deletions pages/apple-silicon/how-to/remove-public-ip.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
---
meta:
title: How to remove the public IP address of a Mac mini
description: This page explains how to remove the public IP and secure your Mac mini with Private Network and SSH Bastion
content:
h1: How to remove the public IP address of a Mac mini
paragraph: This page explains how to remove the public IP and secure your Mac mini with Private Network and SSH Bastion
tags: mac-mini private network bastion
dates:
validation: 2025-05-13
posted: 2022-05-13
categories:
- bare-metal
---

After enabling Virtual Private Cloud (VPC) on your Mac Mini, you can enhance the security of your server by further restricting external access.
This guide walks you through a series of steps to ensure that your Mac Mini is isolated from unauthorized access while maintaining necessary connectivity for management and maintenance.

By following these instructions, you will learn how to create a secure environment that uses Private Networks and an SSH Bastion to protect your machine from being reachable on the public Internet, while maintaining outgoing connectivity from the Mac mini.

<Macro id="requirements" />

- A Scaleway account logged into the [console](https://console.scaleway.com)
- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
- A [Mac mini](/apple-silicon/how-to/create-mac-mini/)

<Message type="important">
Before proceeding, note that removing the public IP from your Mac mini will have some side effects:
* You will no longer be able to reload SSH keys from the console.
* Scaleway's ability to monitor your server will be limited. Some actions, such as rebooting your machine, may result in an error state displayed in the console (although it will not prevent you from using your server).
</Message>

## Enabling Private Networks for your Mac mini

1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays.
2. Click the Mac mini you want to enable Private Networks on. The Mac mini's **Overview** page displays.
3. In the **Private Networks feature** section, click **Enable Private Networks** to enable the feature.
A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost.
4. Click **Enable Private Networks**.


## Setting up Private Networks/VLAN

1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays.
2. Click the Mac mini you want to attach to a Private Network. The Mac mini's **Overview** page displays.
3. Click the **Private Networks** tab.
4. Click **+ Attach to a Private Network**. A pop-up displays.
5. Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network's pool (default) or reserve a specific IP for your Mac mini using [IPAM](/ipam/quickstart/).
6. Click **Attach to Private Network**.

## Configuring the Private Network on your Mac mini

On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How to configure the VLAN interface on your Mac mini for Private Networks](/apple-silicon/how-to/use-private-networks/#how-to-configure-the-vlan-interface-on-your-mac-mini-for-private-networks) for more information.

## Setting up a Public Gateway with SSH Bastion

1. [Create a Public Gateway](/public-gateways/how-to/create-a-public-gateway/).
2. [Enable SSH Bastion](/public-gateways/how-to/use-ssh-bastion/). This will allow you to securely access your Mac Mini.
3. Connect to your machine through the Bastion. Verify that you can connect to your Mac Mini through the Bastion.
<Message type="tip">
You can also use the Bastion to connect to the remote desktop of your Mac using SSH port-forwarding.
To do this, forward traffic to port `5900` of your machine to reach the VNC service.
**This is a different port than the public VNC port displayed in your console.**
</Message>

## Disabling DHCP on the public interface and removing the public IP address

Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac's main network interface (`en0`) and removing its public address.
Your Mac Mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion.
<Message type="tip">
Your Mac Mini will still be able to access the internet through the gateway if needed.
</Message>
4 changes: 2 additions & 2 deletions pages/apple-silicon/how-to/use-private-networks.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ Before you can attach your Mac mini to a Private Network, you must enable the fe

1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays.
2. Click the Mac mini you want to enable Private Networks on. The Mac mini's **Overview** page displays.
3. In the **Private Networks feature** panel, use the <Icon name="toggle" /> toggle button to enable the feature.
3. In the **Private Networks feature** section, click **Enable Private Networks** to enable the feature.
A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost.
4. Click **Enable Private Networks**.

Expand Down Expand Up @@ -59,7 +59,7 @@ Private Networks are disabled, and you are returned to your Mac mini's **Overvie
2. Click the Mac mini you want to attach to a Private Network. The Mac mini's **Overview** page displays.
3. Click the **Private Networks** tab.
4. Click **+ Attach to a Private Network**. A pop-up displays.
5. Select the Private Network you want to attach the Mac mini to. It will be automatically assigned private IPv4 and IPv6 addresses on this network. The ability to use specific reserved IP addresses for the attachment is planned for the future.
5. Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network's pool (default) or reserve a specific IP for your Mac mini using [IPAM](/ipam/quickstart/).
6. Click **Attach to Private Network**.

The Mac mini is attached to the Private Network, and you are returned to the **Private Networks** tab. The IPv4 and the IPv6 addresses for the Mac mini on the Private Network are displayed, along with the ID of the VLAN interface that was created.
Expand Down