
Automation Suite on Linux installation guide

Last updated Nov 13, 2025

Optional: Configuring the L7 Load Balancer

Overview

Layer 7 (L7) load balancer support is available as an optional alternative to the standard Layer 4 (L4) configuration for multi-node, HA-ready production deployments. Unlike L4 load balancers, which operate at the network/transport layer, L7 load balancers provide application-layer intelligence with advanced traffic management capabilities.

Key benefits of using an L7 load balancer include:

  • Web Application Firewall (WAF) protection against common web vulnerabilities
  • SSL/TLS termination at the load balancer level, reducing backend server load
  • Content and path-based routing for intelligent traffic distribution
  • Advanced monitoring and analytics with application-layer visibility
Important:
  • RKE2 does not support TLS termination at the load balancer level. This requires direct TCP/TLS passthrough for services such as the Kubernetes API and RKE2 Supervisor.
  • L4 configuration is recommended; however, L7 configuration is also supported.
  • L7 load balancers support the same x-forwarded-for header preservation for client IP tracking.

The following diagram shows how HTTPS traffic is processed by the L7 load balancer.

[Diagram: HTTPS traffic processing by the L7 load balancer]
Important:
  1. HTTPS Listener Certificate

    You must configure a client-validated TLS certificate (custom SAN certificate) on the load balancer’s HTTPS listener. This ensures that all browser and API clients trust the Automation Suite endpoint. The certificate is required for the client-to-load balancer SSL connection.

  2. Backend TLS certificates

    If your server-side TLS certificates are self-signed or not issued by a public CA, upload the corresponding root certificate into the load balancer’s backend configuration. This allows the load balancer to validate and re-encrypt traffic to the Automation Suite servers. The certificate is required for the load balancer-to-server SSL connection.

Automation Suite supports two L7 load balancer configurations:

Recommended configuration: L7 load balancer with L4 capabilities

This configuration provides full L7 capabilities while maintaining RKE2 compatibility.

Requirements

To use this configuration, your load balancer must meet the following requirements:
  • Support both L7 and L4 modes (for example, Azure Application Gateway)
  • Allow TCP/TLS passthrough for Kubernetes control plane services (ports 6443 and 9345), which require direct TCP/TLS connectivity

Configuring the backend pool

As part of the configuration, you need to set up the following backend pools on the load balancer:
  • Server pool: All server nodes only (no agent nodes)
  • Node pool: All server nodes plus nonspecialized agent nodes (no GPU or attended robots)
  • Temporary registry pool: The server node where the temporary registry is installed
    • This pool is used only during installation, node joining, and upgrade. After completing those procedures, you can close it.

Enabling ports on the load balancer

You must enable the following ports on the load balancer. The following table lists the required ports and their traffic handling.

| Port | Protocol | Layer | Purpose | Traffic handling |
|---|---|---|---|---|
| 443 | HTTPS | L7 | Automation Suite web access | SSL termination at load balancer (node pool) |
| 30070 [1] | HTTP | L7 | Temporary registry access | No TLS termination (temporary registry pool) |
| 6443 | TCP | L4 | Kubernetes API access (node joining) | TCP/TLS passthrough (server pool) |
| 9345 | TCP | L4 | Kubernetes API access (node joining) | TCP/TLS passthrough (server pool) |

[1] If you do not have an external OCI-compliant registry, you must open port 30070 on the load balancer and on the server node where the temporary Docker registry is installed.

Also configure listeners, health probes, routing rules, and backend settings in the load balancer according to the definitions above.
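
The port table and pool definitions above can be checked mechanically before a listener plan is applied to the load balancer. The following is an added example, not UiPath code; the plan dictionary layout, the role labels and the sample nodes are assumptions constructed for illustration.

```python
# Added example; the plan layout and role names ("server", "agent", "gpu-agent") are hypothetical.
# Port table from the page: port -> (protocol, layer, TLS handling, backend pool).
EXPECTED = {
    443: ("https", "L7", "terminate", "node"),
    6443: ("tcp", "L4", "passthrough", "server"),
    9345: ("tcp", "L4", "passthrough", "server"),
}
TEMP_REGISTRY_PORT = 30070
TEMP_REGISTRY = ("http", "L7", "none", "temp-registry")


def lint(plan, installing, external_registry=False):
    """Return findings for a listener plan; an empty list means it matches the table."""
    findings = []
    listeners = {lsn["port"]: lsn for lsn in plan["listeners"]}
    expected = dict(EXPECTED)
    if installing and not external_registry:
        expected[TEMP_REGISTRY_PORT] = TEMP_REGISTRY  # needed only while installing/joining/upgrading
    for port, want in sorted(expected.items()):
        lsn = listeners.get(port)
        if lsn is None:
            findings.append(f"{port}: listener missing")
            continue
        got = (lsn["protocol"], lsn["layer"], lsn["tls"], lsn["pool"])
        if got != want:  # e.g. TLS terminated on 6443/9345, which RKE2 does not support
            findings.append(f"{port}: expected {want}, got {got}")
    if TEMP_REGISTRY_PORT in listeners and TEMP_REGISTRY_PORT not in expected:
        findings.append("30070: temporary registry listener can be closed")
    roles, pools = plan["node_roles"], plan["pools"]
    servers = {n for n, r in roles.items() if r == "server"}
    if set(pools["server"]) != servers:
        findings.append("server pool: must contain all server nodes and nothing else")
    allowed = {n for n, r in roles.items() if r in ("server", "agent")}
    if not servers <= set(pools["node"]) or not set(pools["node"]) <= allowed:
        findings.append("node pool: needs all servers, only nonspecialized agents")
    return findings


# Constructed sample: port 6443 wrongly terminates TLS, and a GPU agent sits in the node pool.
SAMPLE = {
    "node_roles": {"s1": "server", "s2": "server", "s3": "server", "a1": "agent", "g1": "gpu-agent"},
    "pools": {"server": ["s1", "s2", "s3"], "node": ["s1", "s2", "s3", "a1", "g1"], "temp-registry": ["s1"]},
    "listeners": [
        {"port": 443, "protocol": "https", "layer": "L7", "tls": "terminate", "pool": "node"},
        {"port": 6443, "protocol": "https", "layer": "L7", "tls": "terminate", "pool": "server"},
        {"port": 9345, "protocol": "tcp", "layer": "L4", "tls": "passthrough", "pool": "server"},
        {"port": 30070, "protocol": "http", "layer": "L7", "tls": "none", "pool": "temp-registry"},
    ],
}
```

Calling `lint(SAMPLE, installing=False)` reports the terminated 6443 listener, the still-open temporary registry listener and the GPU agent in the node pool.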

The following diagram describes how ports are enabled and mapped in an L7 load balancer with L4 capabilities.

[Diagram: port mapping in an L7 load balancer with L4 capabilities]

Alternative configuration: L7-only load balancer

This configuration is intended for environments where L4 capabilities are not available. In this case, node joining bypasses the L7 load balancer and connects directly to the server nodes for control plane traffic.

Importante:
  • This configuration does not provide resilience if nodes fail during installation.
  • If the primary server is down or deleted, you must update the cluster configuration. If you are adding a new server node after deletion, configure it appropriately based on your requirements before adding it to the server node pool.
  • The FQDN of the primary server must be remapped to another available machine in the cluster.

Configuring the backend pool

In this configuration, you need to create the following backend pools on the load balancer:
  • Node pool: Contains all server nodes and nonspecialized agent nodes
  • Temporary registry pool (if required): Contains the server node where the temporary registry is installed

Enabling ports on the load balancer

You must enable the following ports on the load balancer. The following table lists the required ports and their traffic handling.

| Port | Protocol | Purpose | Traffic handling |
|---|---|---|---|
| 443 | HTTPS | Automation Suite web access | Forward traffic to the node pool |

The following diagram shows the port configuration for an L7-only load balancer.

[Diagram: port configuration for an L7-only load balancer]
