From adb5d845ddd1c79b326760b057dc119bbebb607f Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 13:35:27 +0200 Subject: [PATCH 1/7] feat(aps): remove public ip --- menu/navigation.json | 192 +++++++++--------- .../apple-silicon/how-to/remove-public-ip.mdx | 72 +++++++ .../how-to/use-private-networks.mdx | 4 +- 3 files changed, 172 insertions(+), 96 deletions(-) create mode 100644 pages/apple-silicon/how-to/remove-public-ip.mdx diff --git a/menu/navigation.json b/menu/navigation.json index 335ac1e083..279f27639b 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -1055,6 +1055,10 @@ "label": "Use Private Networks", "slug": "use-private-networks" }, + { + "label": "Remove the public IP address", + "slug": "remove-public-ip" + }, { "label": "Install a package manager", "slug": "install-package-manager-mac-mini" @@ -4402,111 +4406,111 @@ "slug": "queues" }, { - "items": [ - { - "label": "Overview", - "slug": "../topics-and-events" - }, - { - "label": "Concepts", - "slug": "concepts" - }, - { - "label": "Quickstart", - "slug": "quickstart" - }, - { - "label": "FAQ", - "slug": "faq" - }, - { - "items": [ - { - "label": "Create credentials", - "slug": "create-credentials" - }, - { - "label": "Manage credentials", - "slug": "manage-credentials" - }, - { - "label": "Create and manage topics", - "slug": "create-manage-topics" - }, - { - "label": "Create and manage subscriptions", - "slug": "create-manage-subscriptions" - }, - { - "label": "Monitor Topics and Events with Cockpit", - "slug": "monitor-topics-cockpit" - } - ], - "label": "How to", - "slug": "how-to" - }, - { - "items": [ - { - "label": "Topics and Events API Reference", - "slug": "https://www.scaleway.com/en/developers/api/messaging-and-queuing/sns-api/" - }, - { - "label": "Connecting Topics and Events to the AWS-CLI", - "slug": "connect-aws-cli" - }, - { - "label": "Using Topics and Events with the AWS-CLI", - "slug": "topics-events-aws-cli" - }, - { - "label": "Using Go, Python or Node.js with Topics and Events", - "slug": "python-node-topics-events" - } - ], - "label": "API/CLI", - "slug": "api-cli" - }, - { - "items": [ - { - "label": "Topics and Events overview", - "slug": "topics-and-events-overview" - }, - { - "label": "Topics and Events - supported actions", - "slug": "topics-and-events-support" - }, - { - "label": "Limitations", - "slug": "limitations" - } - ], - "label": "Additional Content", - "slug": "reference-content" - } - ], - "label": "Topics and Events", - "slug": "topics-and-events" + "items": [ + { + "label": "Overview", + "slug": "../topics-and-events" + }, + { + "label": "Concepts", + "slug": "concepts" + }, + { + "label": "Quickstart", + "slug": "quickstart" + }, + { + "label": "FAQ", + "slug": "faq" }, { "items": [ { - "label": "Overview", - "slug": "../serverless-sql-databases" + "label": "Create credentials", + "slug": "create-credentials" + }, + { + "label": "Manage credentials", + "slug": "manage-credentials" + }, + { + "label": "Create and manage topics", + "slug": "create-manage-topics" + }, + { + "label": "Create and manage subscriptions", + "slug": "create-manage-subscriptions" + }, + { + "label": "Monitor Topics and Events with Cockpit", + "slug": "monitor-topics-cockpit" + } + ], + "label": "How to", + "slug": "how-to" + }, + { + "items": [ + { + "label": "Topics and Events API Reference", + "slug": "https://www.scaleway.com/en/developers/api/messaging-and-queuing/sns-api/" }, { - "label": "Concepts", - "slug": "concepts" + "label": "Connecting Topics and Events to the AWS-CLI", + "slug": "connect-aws-cli" }, { - "label": "Quickstart", - "slug": "quickstart" + "label": "Using Topics and Events with the AWS-CLI", + "slug": "topics-events-aws-cli" }, { - "label": "FAQ", - "slug": "faq" + "label": "Using Go, Python or Node.js with Topics and Events", + "slug": "python-node-topics-events" + } + ], + "label": "API/CLI", + "slug": "api-cli" + }, + { + "items": [ + { + "label": "Topics and Events overview", + "slug": "topics-and-events-overview" }, + { + "label": "Topics and Events - supported actions", + "slug": "topics-and-events-support" + }, + { + "label": "Limitations", + "slug": "limitations" + } + ], + "label": "Additional Content", + "slug": "reference-content" + } + ], + "label": "Topics and Events", + "slug": "topics-and-events" + }, + { + "items": [ + { + "label": "Overview", + "slug": "../serverless-sql-databases" + }, + { + "label": "Concepts", + "slug": "concepts" + }, + { + "label": "Quickstart", + "slug": "quickstart" + }, + { + "label": "FAQ", + "slug": "faq" + }, { "items": [ { diff --git a/pages/apple-silicon/how-to/remove-public-ip.mdx b/pages/apple-silicon/how-to/remove-public-ip.mdx new file mode 100644 index 0000000000..89b00db453 --- /dev/null +++ b/pages/apple-silicon/how-to/remove-public-ip.mdx @@ -0,0 +1,72 @@ +--- +meta: + title: How to remove the public IP address of a Mac mini + description: This page explains how to remove the public IP and secure your Mac mini with Private Network and SSH Bastion +content: + h1: How to remove the public IP address of a Mac mini + paragraph: This page explains how to remove the public IP and secure your Mac mini with Private Network and SSH Bastion +tags: mac-mini private network bastion +dates: + validation: 2025-05-13 + posted: 2022-05-13 +categories: + - bare-metal +--- + +After enabling Virtual Private Cloud (VPC) on your Mac Mini, you can enhance the security of your server by further restricting external access. +This guide walks you through a series of steps to ensure that your Mac Mini is isolated from unauthorized access while maintaining necessary connectivity for management and maintenance. + +By following these instructions, you will learn how to create a secure environment that uses Private Networks and an SSH Bastion to protect your machine from being reachable on the public Internet, while maintaining outgoing connectivity from the Mac mini. + + + +- A Scaleway account logged into the [console](https://console.scaleway.com) +- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization +- A [Mac mini](/apple-silicon/how-to/create-mac-mini/) + + + Before proceeding, note that removing the public IP from your Mac mini will have some side effects: + * You will no longer be able to reload SSH keys from the console. + * Scaleway's ability to monitor your server will be limited. Some actions, such as rebooting your machine, may result in an error state displayed in the console (although it will not prevent you from using your server). + + +## Enabling Private Networks for your Mac mini + +1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays. +2. Click the Mac mini you want to enable Private Networks on. The Mac mini's **Overview** page displays. +3. In the **Private Networks feature** section, click **Enable Private Networks** to enable the feature. + A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost. +4. Click **Enable Private Networks**. + + +## Setting up Private Networks/VLAN + +1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays. +2. Click the Mac mini you want to attach to a Private Network. The Mac mini's **Overview** page displays. +3. Click the **Private Networks** tab. +4. Click **+ Attach to a Private Network**. A pop-up displays. +5. Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network's pool (default) or reserve a specific IP for your Mac mini using [IPAM](/ipam/quickstart/). +6. Click **Attach to Private Network**. + +### Configuring the Private Network on your Mac mini + +On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How to configure the VLAN interface on your Mac mini for Private Networks](/apple-silicon/how-to/use-private-networks/#how-to-configure-the-vlan-interface-on-your-mac-mini-for-private-networks) for more information. + +## Setting up a Public Gateway with SSH Bastion + +1. [Create a Public Gateway](/public-gateways/how-to/create-a-public-gateway/). +2. [Enable SSH Bastion](/public-gateways/how-to/use-ssh-bastion/). This will allow you to securely access your Mac Mini. +3. Connect to your machine through the Bastion. Verify that you can connect to your Mac Mini through the Bastion. + + You can also use the Bastion to connect to the remote desktop of your Mac using SSH port-forwarding. + To do this, forward traffic to port `5900` of your machine to reach the VNC service. + **This is a different port than the public VNC port displayed in your console.** + + +### Disable DHCP on the public interface and remove the public IP address + +Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac's main network interface (`en0`) and removing its public address. +Your Mac Mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion. + + Your Mac Mini will still be able to access the internet through the gateway if needed. + \ No newline at end of file diff --git a/pages/apple-silicon/how-to/use-private-networks.mdx b/pages/apple-silicon/how-to/use-private-networks.mdx index 9c93611fbd..5aced3fff8 100644 --- a/pages/apple-silicon/how-to/use-private-networks.mdx +++ b/pages/apple-silicon/how-to/use-private-networks.mdx @@ -31,7 +31,7 @@ Before you can attach your Mac mini to a Private Network, you must enable the fe 1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays. 2. Click the Mac mini you want to enable Private Networks on. The Mac mini's **Overview** page displays. -3. In the **Private Networks feature** panel, use the toggle button to enable the feature. +3. In the **Private Networks feature** section, click **Enable Private Networks** to enable the feature. A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost. 4. Click **Enable Private Networks**. @@ -59,7 +59,7 @@ Private Networks are disabled, and you are returned to your Mac mini's **Overvie 2. Click the Mac mini you want to attach to a Private Network. The Mac mini's **Overview** page displays. 3. Click the **Private Networks** tab. 4. Click **+ Attach to a Private Network**. A pop-up displays. -5. Select the Private Network you want to attach the Mac mini to. It will be automatically assigned private IPv4 and IPv6 addresses on this network. The ability to use specific reserved IP addresses for the attachment is planned for the future. +5. Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network's pool (default) or reserve a specific IP for your Mac mini using [IPAM](/ipam/quickstart/). 6. Click **Attach to Private Network**. The Mac mini is attached to the Private Network, and you are returned to the **Private Networks** tab. The IPv4 and the IPv6 addresses for the Mac mini on the Private Network are displayed, along with the ID of the VLAN interface that was created. From 44d69fe15efd96120284ca17a8a00b202800fc6c Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 13:44:32 +0200 Subject: [PATCH 2/7] docs(aps): fix typo --- pages/apple-silicon/how-to/remove-public-ip.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pages/apple-silicon/how-to/remove-public-ip.mdx b/pages/apple-silicon/how-to/remove-public-ip.mdx index 89b00db453..2476d33f60 100644 --- a/pages/apple-silicon/how-to/remove-public-ip.mdx +++ b/pages/apple-silicon/how-to/remove-public-ip.mdx @@ -24,7 +24,7 @@ By following these instructions, you will learn how to create a secure environme - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization - A [Mac mini](/apple-silicon/how-to/create-mac-mini/) - + Before proceeding, note that removing the public IP from your Mac mini will have some side effects: * You will no longer be able to reload SSH keys from the console. * Scaleway's ability to monitor your server will be limited. Some actions, such as rebooting your machine, may result in an error state displayed in the console (although it will not prevent you from using your server). @@ -63,7 +63,7 @@ On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How **This is a different port than the public VNC port displayed in your console.** -### Disable DHCP on the public interface and remove the public IP address +## Disable DHCP on the public interface and remove the public IP address Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac's main network interface (`en0`) and removing its public address. Your Mac Mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion. From 720836c20f45782fdd77b4fcffd307b82843fba2 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 13:46:01 +0200 Subject: [PATCH 3/7] docs(aps): update formatting --- pages/apple-silicon/how-to/remove-public-ip.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/apple-silicon/how-to/remove-public-ip.mdx b/pages/apple-silicon/how-to/remove-public-ip.mdx index 2476d33f60..956d482a26 100644 --- a/pages/apple-silicon/how-to/remove-public-ip.mdx +++ b/pages/apple-silicon/how-to/remove-public-ip.mdx @@ -48,7 +48,7 @@ By following these instructions, you will learn how to create a secure environme 5. Select the Private Network you want to attach the Mac mini to. You can either auto-allocate an available IP from the Private Network's pool (default) or reserve a specific IP for your Mac mini using [IPAM](/ipam/quickstart/). 6. Click **Attach to Private Network**. -### Configuring the Private Network on your Mac mini +## Configuring the Private Network on your Mac mini On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How to configure the VLAN interface on your Mac mini for Private Networks](/apple-silicon/how-to/use-private-networks/#how-to-configure-the-vlan-interface-on-your-mac-mini-for-private-networks) for more information. From c8d864e9cc92293bd9f6ccf5013adf361c5b0a40 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 13:51:21 +0200 Subject: [PATCH 4/7] fix(aps): fix typo --- pages/apple-silicon/how-to/remove-public-ip.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/apple-silicon/how-to/remove-public-ip.mdx b/pages/apple-silicon/how-to/remove-public-ip.mdx index 956d482a26..9fdd155dd1 100644 --- a/pages/apple-silicon/how-to/remove-public-ip.mdx +++ b/pages/apple-silicon/how-to/remove-public-ip.mdx @@ -63,7 +63,7 @@ On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How **This is a different port than the public VNC port displayed in your console.** -## Disable DHCP on the public interface and remove the public IP address +## Disabling DHCP on the public interface and removing the public IP address Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac's main network interface (`en0`) and removing its public address. Your Mac Mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion. From 72e8c91e80d24407833c117b506c7654e0679249 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 14:36:06 +0200 Subject: [PATCH 5/7] docs(aps): fix --- menu/navigation.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/menu/navigation.json b/menu/navigation.json index 279f27639b..9f9db7513c 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -1056,7 +1056,7 @@ "slug": "use-private-networks" }, { - "label": "Remove the public IP address", + "label": "Remove the public IP address of a Mac mini", "slug": "remove-public-ip" }, { From d55b15f1586484ca2f2666c80c5c0c7116a1923e Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 15:12:00 +0200 Subject: [PATCH 6/7] fix(aps): fix wording --- menu/navigation.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/menu/navigation.json b/menu/navigation.json index 9f9db7513c..279f27639b 100644 --- a/menu/navigation.json +++ b/menu/navigation.json @@ -1056,7 +1056,7 @@ "slug": "use-private-networks" }, { - "label": "Remove the public IP address of a Mac mini", + "label": "Remove the public IP address", "slug": "remove-public-ip" }, { From 843e7e5d3b657d71690aa31e6eb4e6753a9ab859 Mon Sep 17 00:00:00 2001 From: Benedikt Rollik Date: Tue, 13 May 2025 17:02:37 +0200 Subject: [PATCH 7/7] Apply suggestions from code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: NĂ©da <87707325+nerda-codes@users.noreply.github.com> --- pages/apple-silicon/how-to/remove-public-ip.mdx | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/pages/apple-silicon/how-to/remove-public-ip.mdx b/pages/apple-silicon/how-to/remove-public-ip.mdx index 9fdd155dd1..4717727940 100644 --- a/pages/apple-silicon/how-to/remove-public-ip.mdx +++ b/pages/apple-silicon/how-to/remove-public-ip.mdx @@ -13,7 +13,7 @@ categories: - bare-metal --- -After enabling Virtual Private Cloud (VPC) on your Mac Mini, you can enhance the security of your server by further restricting external access. +After enabling Virtual Private Cloud (VPC) on your Mac mini, you can enhance the security of your server by further restricting external access. This guide walks you through a series of steps to ensure that your Mac Mini is isolated from unauthorized access while maintaining necessary connectivity for management and maintenance. By following these instructions, you will learn how to create a secure environment that uses Private Networks and an SSH Bastion to protect your machine from being reachable on the public Internet, while maintaining outgoing connectivity from the Mac mini. @@ -32,7 +32,7 @@ By following these instructions, you will learn how to create a secure environme ## Enabling Private Networks for your Mac mini -1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays. +1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash screen displays. 2. Click the Mac mini you want to enable Private Networks on. The Mac mini's **Overview** page displays. 3. In the **Private Networks feature** section, click **Enable Private Networks** to enable the feature. A pop-up displays, asking you to confirm that you want to enable Private Networks, and showing the estimated cost. @@ -41,7 +41,7 @@ By following these instructions, you will learn how to create a secure environme ## Setting up Private Networks/VLAN -1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash page displays. +1. Click **Apple silicon** in the **Bare Metal** section of the side menu. The Apple silicon splash screen displays. 2. Click the Mac mini you want to attach to a Private Network. The Mac mini's **Overview** page displays. 3. Click the **Private Networks** tab. 4. Click **+ Attach to a Private Network**. A pop-up displays. @@ -50,13 +50,13 @@ By following these instructions, you will learn how to create a secure environme ## Configuring the Private Network on your Mac mini -On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How to configure the VLAN interface on your Mac mini for Private Networks](/apple-silicon/how-to/use-private-networks/#how-to-configure-the-vlan-interface-on-your-mac-mini-for-private-networks) for more information. +On your Mac mini, set up the Private Network/VLAN. You can follow our guide [How to configure the VLAN interface on your Mac mini for Private Networks](/apple-silicon/how-to/use-private-networks/#how-to-configure-the-vlan-interface-on-your-mac-mini-for-private-networks) for more information. ## Setting up a Public Gateway with SSH Bastion 1. [Create a Public Gateway](/public-gateways/how-to/create-a-public-gateway/). -2. [Enable SSH Bastion](/public-gateways/how-to/use-ssh-bastion/). This will allow you to securely access your Mac Mini. -3. Connect to your machine through the Bastion. Verify that you can connect to your Mac Mini through the Bastion. +2. [Enable SSH Bastion](/public-gateways/how-to/use-ssh-bastion/). This will allow you to securely access your Mac mini. +3. Connect to your machine through the Bastion. Verify that you can connect to your Mac mini through the Bastion. You can also use the Bastion to connect to the remote desktop of your Mac using SSH port-forwarding. To do this, forward traffic to port `5900` of your machine to reach the VNC service. @@ -66,7 +66,7 @@ On your Mac Mini, set up the Private Network/VLAN. You can follow our guide [How ## Disabling DHCP on the public interface and removing the public IP address Once you have verified that your Mac mini is reachable through the Bastion, you can proceed with disabling DHCP on your Mac's main network interface (`en0`) and removing its public address. -Your Mac Mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion. +Your Mac mini is now fully isolated from the public internet, and any further external access will have to occur from a resource inside the Private Network or through the Bastion. - Your Mac Mini will still be able to access the internet through the gateway if needed. + Your Mac mini will still be able to access the internet through the gateway if needed. \ No newline at end of file