Langflow 1.6.9 (Ubuntu 22.04) AMI Administrator Guide
1. Quick Start Information
Usage instructions:
Connection Methods:
- Access the instance via SSH using the
ubuntuuser. Usesudoto run commands requiring root privileges. To switch to the root user, usesudo su - root.
Install Information:
- OS: Ubuntu 22.04 LTS
- Langflow version: 1.6.9
- Langflow Install Directory:
/usr/local/langflow
Langflow Service Management:
- To start Langflow Service:
sudo systemctl start langflow - To stop Langflow Service:
sudo systemctl stop langflow - To status Langflow Service:
sudo systemctl status langflow
Accessing Langflow:
- Visit
https://YOUR_IPto start using Langflow.
Web username and password:
- View via the command:
sudo cat /usr/local/langflow/readme
Firewall Configuration:
- Please allow SSH port 22 and Langflow port 443.
- For security, it is recommended to limit access to trusted IPs only.
2. Overview
Welcome to this Langflow 1.6.9 AMI. This image is based on Ubuntu 22.04 LTS and has been pre-configured as a secure, auto-starting production environment.
This guide not only explains how to use this AMI but also details its internal configuration.
- Core Features: Langflow 1.6.9, Full-featured (CPU Torch, EasyOCR), HTTPS, Password Authentication,
systemdauto-start. - Target Audience: System administrators and advanced users who need to deploy or manage Langflow instances.
3. First Launch & Access (Mandatory)
Step 1: Configure Security Group (Firewall)
In your cloud provider's console (e.g., AWS EC2), add inbound rules to the security group for this instance to allow:
- TCP Port 443 (HTTPS): Required for accessing the Langflow Web interface (Mandatory).
- TCP Port 22 (SSH): (Optional) Allows logging into the server for management.
Step 2: Access the Langflow Instance
- Get your instance's public IP address.
- Open a brand new browser "Incognito Window".
- In the address bar, type
https://and your IP address (do not add a port number):https://[Your_Public_IP]
Step 3: Handle the SSL Security Warning
- You will see a full-screen security warning ("NET::ERR_CERT_AUTHORITY_INVALID").
- This is normal, because this AMI uses a self-signed certificate to ensure traffic is encrypted.
- Please click "Advanced" -> "Proceed to [IP Address] (unsafe)".
Step 4: Login
You will now see the Langflow login page. Please enter the default credentials (see Section 5).
4. Architecture & Detailed Configuration
All configurations in this AMI follow Linux production environment standards.
- Service Architecture:
[Public]->Nginx (Port 443, SSL)->Langflow (127.0.0.1:7860) - Service User: All applications run as the non-root user
ubuntu. - Application Directory:
/usr/local/langflow
4.1. Langflow Application & Virtual Environment
Path
/usr/local/langflow
Includes Files
.venv/: The Python virtual environment, containinglangflow,torch,easyocr, and all other libraries..env: The configuration file storing all passwords and secret keys.
Configuration (How-To-Create)
This directory and environment were configured via the following steps (as root and ubuntu users):
# (As root) 1. Create directory and set permissions
sudo mkdir -p /usr/local/langflow
sudo chown ubuntu:ubuntu /usr/local/langflow
# (As root) 2. Switch to ubuntu user
sudo -u ubuntu -i
# --- (As ubuntu) 3. Install uv ---
curl -Lfs https://astral.sh/uv/install.sh | sh
source /home/ubuntu/.bashrc
# --- (As ubuntu) 4. Enter new directory and create environment ---
cd /usr/local/langflow
uv venv
# --- (As ubuntu) 5. Critical 3-step installation ---
# 5.1. Pre-install CPU version of torch
uv pip install torch --index-url https://download.pytorch.org/whl/cpu
# 5.2. Install Langflow 1.6.9 core
uv pip install "langflow==1.6.9" -U
# 5.3. Manually install "all" dependencies (easyocr, unstructured)
uv pip install easyocr unstructured
# --- (As ubuntu) 6. Exit ---
exit
4.2. Langflow Credentials (.env file)
Path
/usr/local/langflow/.env
File Content
(This is the environment variable file loaded by langflow.service)
# --- Force enable authentication ---
LANGFLOW_AUTO_LOGIN=False
# --- Your Superuser ---
# (Recommended to run "openssl rand -base64 18" to generate a strong password)
LANGFLOW_SUPERUSER=YOUR_ADMIN_NAME
LANGFLOW_SUPERUSER_PASSWORD=YOUR_PASSWORD
# --- Your Security Key ---
# (Must be set! Run "openssl rand -hex 32" to generate your own)
LANGFLOW_SECRET_KEY=Your_Own_64_Char_Secret_Key_Here
# --- Recommended Security Settings ---
LANGFLOW_NEW_USER_IS_ACTIVE=False
LANGFLOW_ENABLE_SUPERUSER_CLI=False
Configuration (How-To-Create)
# (As ubuntu user)
cd /usr/local/langflow
vi .env
# (Paste the content above)
chmod 600 .env
4.3. Langflow Auto-start Service (systemd)
Path
/etc/systemd/system/langflow.service
File Content
(This file defines how langflow runs as a system service)
[Unit]
Description=Langflow Server
After=network.target
[Service]
# Run as ubuntu user
User=ubuntu
Group=ubuntu
# Load all passwords and configurations from .env file
EnvironmentFile=/usr/local/langflow/.env
# (Critical) Set the correct working directory
WorkingDirectory=/usr/local/langflow/
# (Critical) uv is in ubuntu's home, langflow is in .venv (auto), listening locally
ExecStart=/home/ubuntu/.local/bin/uv run langflow run --host 127.0.0.1 --port 7860
# Auto-restart policy
Restart=always
RestartSec=5s
StandardOutput=journal
StandardError=journal
[Install]
WantedBy=multi-user.target
Configuration (How-To-Create)
# (As root)
sudo vi /etc/systemd/system/langflow.service
# (Paste the content above)
sudo systemctl daemon-reload
sudo systemctl enable langflow
4.4. Nginx Reverse Proxy (SSL)
Path
/etc/nginx/sites-enabled/langflow
File Content
(This file is a symbolic link to /etc/nginx/sites-available/langflow)
# --- HTTP Redirect Block (Port 80 -> 443) ---
server {
listen 80;
listen [::]:80;
# Listen on all IPs/Domains
server_name _;
# Force redirect all HTTP traffic to HTTPS
return 301 https://$host$request_uri;
}
# --- Main Langflow Server Block (Port 443) ---
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name _;
# SSL Configuration
ssl_certificate /etc/nginx/ssl/langflow.crt;
ssl_certificate_key /etc/nginx/ssl/langflow.key;
ssl_protocols TLSv1.2 TLSv1.3;
location / {
# Forward traffic to local Langflow service
proxy_pass http://127.0.0.1:7860;
# Standard Proxy Headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket Support (Required for Langflow chat)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}
Configuration (How-To-Create)
# (As root) 1. Create self-signed certificate (10-year validity)
sudo mkdir -p /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
-keyout /etc/nginx/ssl/langflow.key \
-out /etc/nginx/ssl/langflow.crt \
-subj "/C=US/ST/N/A/L/N/A/O=LangflowAMI/CN=localhost"
# (As root) 2. Create Nginx config file
sudo vi /etc/nginx/sites-available/langflow
# (Paste the Nginx config content above)
# (As root) 3. Activate configuration (create symbolic link)
sudo ln -s /etc/nginx/sites-available/langflow /etc/nginx/sites-enabled/
# (As root) 4. (Recommended) Remove default configuration
sudo rm /etc/nginx/sites-enabled/default
# (As root) 5. Restart Nginx
sudo systemctl restart nginx
5. Credentials & Security (Quick Reference)
View the default administrator and password via the command sudo cat /usr/local/langflow/readme
- How to Change: Log in via SSH, edit the
/usr/local/langflow/.envfile, and then runsudo systemctl restart langflow.
6. Service Management (Quick Reference)
- Check Langflow Status:
sudo systemctl status langflow - Restart Langflow:
sudo systemctl restart langflow - Check Langflow Logs:
sudo journalctl -u langflow -f - Check Nginx Status:
sudo systemctl status nginx - Restart Nginx:
sudo systemctl restart nginx
7. Troubleshooting
- Problem: Cannot connect to the server.
- Solution: Check your cloud provider's Security Group to ensure TCP Port 443 is open to your IP.
- Problem: I see a "400 Bad Request".
- Solution: Ensure you are typing
https://in your browser's address bar, nothttp://. Use an incognito window.
- Solution: Ensure you are typing