Skip to main content

Deploy Langflow with Nginx and SSL

Deploy Langflow on a Linux-based server using Nginx as a reverse proxy, Let's Encrypt for SSL certificates, and Certbot for automated certificate management.

This setup encrypts all communications between users and your Langflow server. SSL certificates ensure that sensitive data is protected from eavesdropping and tampering, and the automatic certificate management through Certbot eliminates the complexity of manual SSL configuration.

Prerequisites

  • An Ubuntu or Debian-based Linux server with a dual-core CPU and at least 2 GB of RAM This example uses Digital Ocean cloud for hosting. Your deployment may vary.
  • A domain name with external DNS management access
  • A DNS record configured to point your domain to your server's external IP address For example, if your server's IP is 203.0.113.1, configure your DNS like this:

    _10
    Type: A
    _10
    Name: langflow.example.com
    _10
    Value: 203.0.113.1

Connect to your server with SSH

  1. Create an SSH key to connect to your server remotely. For example:


    _10
    ssh-keygen -t ed25519 -C "DANA@EXAMPLE.COM"

    Replace DANA@EXAMPLE.COM with the email address that you want to associate with the SSH key.

  2. In your terminal, follow the instructions to create your SSH key pair. This creates both a private and public key. To copy the public key from your terminal, enter the following command:


    _10
    cat ~/Downloads/host-lf.pub | pbcopy

  3. In your server, add the SSH key you copied in the previous step. For example, if you are using a Digital Ocean cloud server, add this SSH key when the server is created, or with the Digital Ocean control panel.

  4. To connect to your server with SSH, enter the following command.


    _10
    ssh -i PATH_TO_PRIVATE_KEY/PRIVATE_KEY_NAME root@SERVER_IP_ADDRESS

    Replace the following:

    • PATH_TO_PRIVATE_KEY/PRIVATE_KEY_NAME: The path to your private SSH key file that matches the public key you added to your server
    • SERVER_IP_ADDRESS: Your server's IP address

  5. When prompted for a key fingerprint, type yes. The terminal output indicates if the connection succeeds or fails. The following response was returned after connecting to a Digital Ocean cloud server.


    _10
    System information as of Wed Oct 8 21:40:43 UTC 2025
    _10
    _10
    System load: 0.02 Processes: 103
    _10
    Usage of /: 4.1% of 47.35GB Users logged in: 1
    _10
    Memory usage: 10% IPv4 address for eth0: 165.227.176.236
    _10
    Swap usage: 0% IPv4 address for eth0: 10.17.0.5

Install Langflow on your server

To install Langflow on your server, do the following:

  1. Update system packages.


    _10
    sudo apt update && sudo apt upgrade -y

  2. Install Python and pip.


    _10
    sudo apt install python3 python3-pip python3-venv -y

  3. Install uv to manage Python packages. Langflow recommends uv for faster installation.


    _10
    pip install uv

  4. Create a virtual environment for Langflow.


    _10
    uv venv langflow-venv
    _10
    source langflow-venv/bin/activate

  5. Install Langflow using uv.


    _10
    uv pip install langflow

  6. Optionally, start Langflow.


    _10
    uv run langflow run --host 127.0.0.1 --port 7860 &

    Test access at your http://YOUR_PUBLIC_IP:7860. Since Langflow is running on localhost, you should not be successful. In next steps, you will install Nginx as a reverse proxy to handle external access, and Certbot to configure SSL for secure HTTPS access.

Install Nginx

Nginx is a reverse proxy that receives external requests and forwards them to your Langflow server. In addition to SSL termination, Nginx includes features for load balancing and security. For more information, see the Nginx documentation.

  1. Install Nginx on your server.


    _10
    sudo apt install nginx -y

  2. Start and enable Nginx on your server.


    _10
    sudo systemctl start nginx
    _10
    sudo systemctl enable nginx

  3. Create an Nginx configuration file. Replace DOMAIN_NAME with your actual domain name, such as langflow.example.com.


    _10
    sudo nano /etc/nginx/sites-available/DOMAIN_NAME

  4. Paste the following content to the configuration file you created at /etc/nginx/sites-available/DOMAIN_NAME.

    Replace DOMAIN_NAME with your actual domain name, such as langflow.example.com.


    _29
    server {
    _29
    listen 80;
    _29
    server_name DOMAIN_NAME;
    _29
    _29
    # Increase client body size for file uploads
    _29
    client_max_body_size 100M;
    _29
    _29
    location / {
    _29
    proxy_pass http://127.0.0.1:7860/;
    _29
    proxy_set_header Host $host;
    _29
    proxy_set_header X-Real-IP $remote_addr;
    _29
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    _29
    proxy_set_header X-Forwarded-Proto $scheme;
    _29
    _29
    # WebSocket support for Langflow
    _29
    proxy_http_version 1.1;
    _29
    proxy_set_header Upgrade $http_upgrade;
    _29
    proxy_set_header Connection "upgrade";
    _29
    _29
    # Timeout settings for long-running flows
    _29
    proxy_connect_timeout 60s;
    _29
    proxy_send_timeout 60s;
    _29
    proxy_read_timeout 300s;
    _29
    _29
    # Buffer settings
    _29
    proxy_buffering off;
    _29
    proxy_request_buffering off;
    _29
    }
    _29
    }

    This configuration listens on port 80 for standard HTTP. When you install Certbot in a later step, it will modify this configuration to add port 443 for HTTPS.

  5. To enable your site configuration, create a symlink between the /sites-available and /sites-enabled directories. /sites-available stores all site configurations, and /sites-enabled stores only active configurations which Nginx reads from. Creating this symlink switches this configuration ON.


    _10
    sudo ln -s /etc/nginx/sites-available/DOMAIN_NAME /etc/nginx/sites-enabled/DOMAIN_NAME

  6. Check the Nginx configuration file's syntax.


    _10
    sudo nginx -t

  7. Restart Nginx.


    _10
    sudo systemctl restart nginx

Install Certbot and obtain SSL certificates

While Nginx handles SSL termination in encrypting and decrypting traffic, Certbot automatically obtains SSL certificates from Let's Encrypt and configures Nginx to use them.

The Certbot client is recommended by Let's Encrypt for automated certificate management. For more information, see the Certbot documentation.

Install the Certbot client on your server to manage certificates, and install the python3-certbot-nginx plugin to allow Certbot to modify your server's Nginx configuration.

  1. Install Certbot and the python3-certbot-nginx plugin.


    _10
    sudo apt install certbot python3-certbot-nginx -y

  2. Obtain the SSL certificate for DOMAIN_NAME from Let's Encrypt.


    _10
    sudo certbot --nginx -d DOMAIN_NAME

    This result indicates that Certbot succeeded.


    _10
    Successfully received certificate.
    _10
    Certificate is saved at: /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem
    _10
    Key is saved at: /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem

    When using --nginx, Certbot automatically injects the paths into your Nginx configuration as ssl_certificate and ssl_certificate_key.

  3. Start Langflow from the virtual environment.

    a. Activate the virtual environment.


    _10
    source langflow-venv/bin/activate

    b. Start Langflow in the background.


    _10
    uv run langflow run --host 127.0.0.1 --port 7860 &

  4. To test the deployment, navigate to https://DOMAIN_NAME in your browser.

  5. Verify the SSL certificate is working. Ensure the URL is https://, not http://. Your browser's address bar should display a Lock icon. Click Lock to view your SSL certificate details.

See also

Search