Automation Suite
2023.10
false
Step 8: Applying miscellaneous settings - Automation Suite 2023.10
Banner background image
logo
Automation Suite on Linux Installation Guide
Last updated Feb 13, 2024

Step 8: Applying miscellaneous settings

Enabling FIPS 140-2

This section explains how to enable FIPS 140-2 on your machines.

You can enable FIPS on your Red Hat Linux-based virtual machines. To do that, take the following steps:

  1. Enable FIPS by running the following command on all your machines before starting the installation:

    fips-mode-setup --enablefips-mode-setup --enable
  2. Reboot your machines and check if you successfully enabled FIPS by running the following command:

    fips-mode-setup --checkfips-mode-setup --check
Important: Insights is currently not supported on FIPS 140-2-enabled machines. Make sure to disable Insights when installing Automation Suite on a FIPS 140-2-enabled machines.

For details on the additional steps you must take to start using Automation Suite on FIPS 140-2 machines, see Security best practices.

Optional: Configuring the proxy server

To configure a proxy, you need to perform additional configuration steps while setting up your environment with the prerequisites and during the advanced configuration phase of installation time.

The following steps are required when setting up your environment.

Note: We currently do not support HTTPS proxy with self-signed certificates. Make sure you use a public trusted certificate if you are configuring the proxy.

Step 1: Enabling ports on the virtual network

Make sure that you have the following rules enabled on your network security group for the given Virtual Network.

Source

Destination

Route via proxy

Port

Description

Virtual Network

SQL

No

SQL server port

Required for SQL Server.

Virtual Network

Load Balancer

No

9345

6443

Required to add new nodes to the cluster.

Virtual Network

Cluster(subnet)

No

All ports

Required for communication over a private IP range.

Virtual Network

alm.<fqdn>

No

443

Required for login and using ArgoCD client during deployment.

Virtual Network

Proxy Server

Yes

All ports

Required to route traffic to the proxy server.

Virtual Network

NameServer

No

All ports

Most of the cloud services such as Azure and AWS use this to fetch the VM metadata and consider this a private IP.

Virtual Network

MetaDataServer

No

All ports

Most of the cloud services such as Azure and AWS use the IP address 169.254.169.254 to fetch machine metadata.

Step 2: Adding proxy configuration to each node

When configuring the nodes, you need to add the proxy configuration to each node that is part of the cluster. This step is required to route outbound traffic from the node via the proxy server.

  1. Add the following configuration in /etc/environment:
    http_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    https_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    no_proxy=alm.<fqdn>,<fixed_rke2_address>,<named server address>,<metadata server address>,<private_subnet_ip>,localhost,<Comma separated list of ips that should not got though proxy server>http_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    https_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    no_proxy=alm.<fqdn>,<fixed_rke2_address>,<named server address>,<metadata server address>,<private_subnet_ip>,localhost,<Comma separated list of ips that should not got though proxy server>
  2. Add the following configuration in /etc/wgetrc:
    http_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    https_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    no_proxy=alm.<fqdn>,<fixed_rke2_address>,<named server address>,<metadata server address>,<private_subnet_ip>,localhost,<Comma separated list of ips that should not got though proxy server>http_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    https_proxy=http://<PROXY-SERVER-IP>:<PROXY-PORT>
    no_proxy=alm.<fqdn>,<fixed_rke2_address>,<named server address>,<metadata server address>,<private_subnet_ip>,localhost,<Comma separated list of ips that should not got though proxy server>

    Mandatory parameters

    Description

    http_proxy

    Used to route HTTP outbound requests from the node. This should be the proxy server FQDN and port.

    https_proxy

    Used to route HTTPS outbound requests from the node. This should be the proxy server FQDN and port.

    no_proxy

    Comma-separated list of hosts, IP addresses that you do not want to route via the proxy server. This should be a private subnet, SQL server host, named server address, metadata server address: alm.<fqdn>,<fixed_rke2_address>,<named server address>,<metadata server address>.
    • metadata server address – Most of the cloud services such as Azure and AWS use the IP address 169.254.169.254 to fetch machine metadata.
    • named server address – Most of the cloud services such as Azure and AWS use this to resolve DNS query.
    Important:
    If you use AI Center with an external Orchestrator, you must add the external Orchestrator domain to the no_proxy list.
  3. Verify if the proxy settings are properly configured by running the following command:

    curl -v $HTTP_PROXY
    curl -v <fixed_rke_address>:9345curl -v $HTTP_PROXY
    curl -v <fixed_rke_address>:9345
    Important: Once you meet the proxy server requirements, make sure to continue with the proxy configuration during installation. Follow the steps in Optional: Configuring the proxy server to ensure the proxy server is set up properly.
Support and Services icon
Get The Help You Need
UiPath Academy icon
Learning RPA - Automation Courses
UiPath Forum icon
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.