Deploy Flowise on AWS EC2: Production Setup Guide 2026

Deploy Flowise on AWS EC2 with Docker, HTTPS via Nginx, authentication, and persistent storage. Production-ready in under 30 minutes.
·
5 min read
·
Mark
·
Flowise

Problem: Flowise on Localhost Won't Cut It in Production

Running npx flowise start on your laptop works fine for testing. The moment you need teammates to access it, connect it to a webhook, or keep it alive overnight — you need a real server.

You'll learn:

  • Launch and configure an EC2 instance sized for Flowise
  • Run Flowise in Docker with persistent storage and environment secrets
  • Terminate HTTPS with Nginx + Let's Encrypt
  • Lock down access with Flowise's built-in username/password auth

Time: 30 min | Difficulty: Intermediate

Why EC2 for Flowise

Flowise is a Node.js app backed by SQLite (default) or PostgreSQL. It stores chatflows, credentials, and uploaded files on disk. That means your deployment needs:

  • Persistent storage — don't lose chatflows on container restart
  • A stable IP or domain — for webhooks and OAuth callbacks
  • HTTPS — most LLM provider webhooks reject plain HTTP

EC2 gives you all three without managed-service overhead. A t3.medium (2 vCPU, 4GB RAM) handles Flowise comfortably for teams of 1–10.

Solution

Step 1: Launch an EC2 Instance

In the AWS console, launch a new instance with these settings:

  • AMI: Ubuntu 24.04 LTS (x86_64)
  • Instance type: t3.medium (minimum); t3.large for heavy RAG workloads
  • Storage: 20GB gp3 (increase to 50GB if storing large document uploads)
  • Key pair: Create or select an existing .pem key

Security Group rules — open these ports:

PortProtocolSourceWhy
22TCPYour IP onlySSH access
80TCP0.0.0.0/0HTTP → redirects to HTTPS
443TCP0.0.0.0/0HTTPS traffic

Do not expose port 3000 (Flowise's default) directly. Nginx will proxy it.

Step 2: Connect and Install Dependencies

# SSH into the instance
ssh -i your-key.pem ubuntu@YOUR_EC2_PUBLIC_IP

# Update and install Docker + Nginx
sudo apt update && sudo apt upgrade -y
sudo apt install -y docker.io nginx certbot python3-certbot-nginx

# Add ubuntu user to docker group (avoids sudo on every docker command)
sudo usermod -aG docker ubuntu
newgrp docker

# Verify Docker
docker --version

Expected: Docker version 26.x.x

Step 3: Point a Domain at Your EC2 IP

Before running Certbot, your domain must resolve to the instance.

In your DNS provider, add an A record:

Type: A
Name: flowise          (or @ for root domain)
Value: YOUR_EC2_PUBLIC_IP
TTL: 300

Wait 2–5 minutes, then verify:

dig +short flowise.yourdomain.com
# Should return your EC2 IP

Step 4: Run Flowise with Docker

Create a directory for persistent data and an environment file:

mkdir -p ~/flowise/data
cd ~/flowise

Create the environment file:

# ~/flowise/.env
# FLOWISE_USERNAME and FLOWISE_PASSWORD enable the login gate
cat > .env << 'EOF'
FLOWISE_USERNAME=admin
FLOWISE_PASSWORD=change-this-strong-password
FLOWISE_SECRETKEY_OVERWRITE=your-random-32-char-secret
DATABASE_PATH=/root/.flowise
APIKEY_PATH=/root/.flowise
LOG_PATH=/root/.flowise/logs
EOF

Run the container:

docker run -d \
  --name flowise \
  --restart unless-stopped \
  -p 127.0.0.1:3000:3000 \
  --env-file .env \
  -v ~/flowise/data:/root/.flowise \
  flowiseai/flowise:latest

Key flags explained:

  • -p 127.0.0.1:3000:3000 — binds only to localhost, not the public internet
  • --restart unless-stopped — survives reboots and crashes
  • -v ~/flowise/data:/root/.flowise — persists chatflows and credentials to host disk

Verify it's running:

docker ps
curl -s http://localhost:3000/api/v1/ping

Expected: {"ping":"pong"}

If it fails:

  • Container exits immediately → Check logs: docker logs flowise
  • connection refused on curl → Container is still starting; wait 10 seconds and retry

Step 5: Configure Nginx as a Reverse Proxy

sudo nano /etc/nginx/sites-available/flowise

Paste this config (replace flowise.yourdomain.com):

server {
    listen 80;
    server_name flowise.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;

        # Required for Flowise's WebSocket-based streaming
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Increase timeout for long LLM inference calls
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }
}

Enable the site and test:

sudo ln -s /etc/nginx/sites-available/flowise /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Expected: nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 6: Add HTTPS with Let's Encrypt

sudo certbot --nginx -d flowise.yourdomain.com

Certbot will:

  1. Verify domain ownership via HTTP challenge
  2. Obtain a certificate
  3. Automatically modify your Nginx config to redirect HTTP → HTTPS

When prompted, choose option 2: Redirect to force HTTPS on all traffic.

Verify auto-renewal:

sudo certbot renew --dry-run

Expected: Congratulations, all simulated renewals succeeded

Step 7: Harden the Setup

Limit Docker container resources to prevent runaway memory during large document ingestion:

# Stop and recreate with resource limits
docker stop flowise && docker rm flowise

docker run -d \
  --name flowise \
  --restart unless-stopped \
  -p 127.0.0.1:3000:3000 \
  --env-file .env \
  -v ~/flowise/data:/root/.flowise \
  --memory="2g" \
  --cpus="1.5" \
  flowiseai/flowise:latest

Set up a basic backup for your chatflows:

# Add to crontab: daily backup at 2am
crontab -e

# Add this line:
0 2 * * * tar -czf ~/backups/flowise-$(date +\%Y\%m\%d).tar.gz ~/flowise/data

Create the backup directory:

mkdir -p ~/backups

Verification

Open https://flowise.yourdomain.com in a browser.

You should see the Flowise login screen — enter the username and password from your .env file.

Run a full connectivity check from your local machine:

# Check HTTPS cert is valid
curl -sv https://flowise.yourdomain.com/api/v1/ping 2>&1 | grep -E "SSL|pong"

You should see:

  • SSL connection using TLSv1.3
  • {"ping":"pong"}

Check the container is persisting data correctly:

# On the EC2 instance — should show SQLite DB and credential files
ls -la ~/flowise/data/

Expected: Files like database.sqlite, config/, logs/

What You Learned

  • Flowise runs well on a t3.medium — no GPU required unless you're running local models alongside it
  • Binding Docker to 127.0.0.1:3000 instead of 0.0.0.0:3000 means Nginx is the only entry point
  • The FLOWISE_USERNAME / FLOWISE_PASSWORD env vars are the simplest auth layer; for team use, consider adding Nginx basic auth as a second factor
  • proxy_read_timeout 300s is not optional — without it, Nginx kills long inference requests after 60 seconds

When to switch away from SQLite: Once you have more than 2–3 concurrent users editing chatflows, set DATABASE_TYPE=postgres and point Flowise at an RDS instance. SQLite's write locking becomes a bottleneck.

Tested on Flowise 2.2.x, Docker 26.1, Ubuntu 24.04, Nginx 1.24, AWS t3.medium