Install Flowise with coolify on VPS
Complete Setup Guide with Coolify & SSL (Traefik)
Prerequisites
- A VPS with Docker & Coolify v4 running (proxy enabled)
- A domain or subdomain pointing to your VPS, e.g. flowise.your-domain.com → A record to your VPS IP
- Ports 80 and 443 open on the VPS firewall / provider panel
Tip: If you use Cloudflare, set the record to DNS only (gray cloud) while issuing the first certificate, or use the dns-01 method later.
1Create a Project & Service
In Coolify, create (or open) a project.
Add a service. You can choose the "Flowise" template or "Custom container." Use the image:
flowiseai/flowise:latest
2Persistent Storage
Add one volume so your data survives updates:
Destination path: /root/.flowise
(Leave source/volume name as generated by Coolify)
3Environment Variables
Add these (adjust to taste):
PORT=3001
DEBUG=false
DISABLE_FLOWISE_TELEMETRY=true
# Login to the app (first-run admin form uses these)
FLOWISE_USERNAME=admin@example.com
FLOWISE_PASSWORD=change-this-strong-password
# Keep all state in the mounted folder
DATABASE_PATH=/root/.flowise
APIKEY_PATH=/root/.flowise
SECRETKEY_PATH=/root/.flowise
LOG_PATH=/root/.flowise/logs
BLOB_STORAGE_PATH=/root/.flowise/storage
4Networking & SSL (Robust Labels)
Important: Leave the Domains field empty for this service (we'll supply explicit Traefik labels). Also disable "Strip Prefixes."
Open Edit Compose and replace your service with this known-good block:
services:
flowise:
image: flowiseai/flowise:latest
environment:
- 'PORT=${PORT:-3001}'
- 'DEBUG=${DEBUG:-false}'
- 'DISABLE_FLOWISE_TELEMETRY=${DISABLE_FLOWISE_TELEMETRY:-true}'
- 'FLOWISE_USERNAME=${FLOWISE_USERNAME}'
- 'FLOWISE_PASSWORD=${FLOWISE_PASSWORD}'
- DATABASE_PATH=/root/.flowise
- APIKEY_PATH=/root/.flowise
- SECRETKEY_PATH=/root/.flowise
- LOG_PATH=/root/.flowise/logs
- BLOB_STORAGE_PATH=/root/.flowise/storage
volumes:
- flowise-data:/root/.flowise
expose:
- "3001" # make the app's internal port visible to Traefik
labels:
- traefik.enable=true
- traefik.docker.network=coolify
# internal service (Traefik -> container)
- traefik.http.services.flowise-svc.loadbalancer.server.port=3001
# HTTPS router (correct entrypoints: https/http in Coolify)
- traefik.http.routers.flowise-https.rule=Host(`flowise.your-domain.com`)
- traefik.http.routers.flowise-https.entrypoints=https
- traefik.http.routers.flowise-https.tls=true
- traefik.http.routers.flowise-https.tls.certresolver=letsencrypt
- traefik.http.routers.flowise-https.service=flowise-svc
# HTTP -> HTTPS redirect
- traefik.http.routers.flowise-http.rule=Host(`flowise.your-domain.com`)
- traefik.http.routers.flowise-http.entrypoints=http
- traefik.http.routers.flowise-http.middlewares=flowise-redirect
- traefik.http.middlewares.flowise-redirect.redirectscheme.scheme=https
networks:
- coolify
healthcheck:
test: ["CMD-SHELL", "wget -qO- http://127.0.0.1:3001 || exit 1"]
interval: 5s
timeout: 5s
retries: 3
networks:
coolify:
external: true
Replace flowise.your-domain.com with your real FQDN.
Save.
5Deploy & Request the Certificate
Restart the Flowise service.
(First time only) If you previously tried other configs, SSH and clear old ACME cache, then restart the proxy:
sudo rm -f /data/coolify/proxy/acme.json
# Back in Coolify → Servers → Proxy → Restart Proxy
6Verify
Check service logs until you see: "Flowise Server is listening at: 3001"
From your laptop:
curl -I http://flowise.your-domain.com # should 301/307 to https
curl -I https://flowise.your-domain.com # should return 200 and a valid cert
Open the site in the browser; you should see the Setup Account page. Use the email in FLOWISE_USERNAME and set a password.
Upgrading Later
Open the service and Restart (Coolify will pull flowiseai/flowise:latest).
Your flows & keys persist in /root/.flowise.
Optional: Using Cloudflare (DNS-01)
If you must keep orange-cloud on:
Configure dns-01 in the Coolify proxy (add your Cloudflare API token), set the labels' certresolver to that DNS resolver name, and you won't need port 80 open. Otherwise just gray-cloud while the first cert issues.
Common Pitfalls & Quick Fixes
Browser says "Not secure", Traefik logs show EntryPoint doesn't exist web/websecure
→ Your proxy uses http/https entrypoints (Coolify default). Make sure labels use entrypoints=https and entrypoints=http, not web/websecure.
Traefik logs: error: port is missing
→ Add expose: "3001" and the label traefik.http.services.flowise-svc.loadbalancer.server.port=3001.
Traefik logs: Host('') && PathPrefix('yourdomain.com')
→ That's a malformed auto-router. Clear the Domains field for this service and rely on the explicit labels above. Also ensure Strip Prefixes is off.
Still seeing an old router
→ Multiple containers running with different labels can conflict. Remove old ones:
docker ps --format '{{.Names}}' | grep -i flowise
docker rm -f <old_container_name>
Let's Encrypt rate-limits (429) for another domain appear in logs
→ Unrelated services can hit their own limits; it doesn't block the Flowise domain from getting a cert once your routers are correct.
Security Hardening (Recommended)
- Use a strong FLOWISE_PASSWORD and an admin email you control
- Restrict access (optional) with IP allow-lists via an extra Traefik middleware, or place Flowise behind an OAuth proxy
- Back up the /root/.flowise volume regularly
TL;DR Copy-Paste Recipe
- A record: flowise.your-domain.com → your VPS IP
- Env: PORT=3001, set FLOWISE_USERNAME/PASSWORD
- Mount: /root/.flowise
- Compose: use the labels block above (http/https entrypoints, certresolver=letsencrypt)
- Deploy: restart proxy, visit https://flowise.your-domain.com
That's it—solid, repeatable, and production-ready.