Flowise - Hardened Visual AI Agent Builder

What is Flowise

Flowise is an open-source, no-code/low-code visual builder for AI agents, chatbots, and LLM-powered workflows. A drag-and-drop canvas lets you compose chains of LLM calls, tool integrations, vector retrievers, and conditional logic into a working agent in minutes - no application code required. The same flow can be exposed as a REST API, an embeddable chat widget, or invoked from your own backend through Flowise SDKs.

Why self-host Flowise

Self-hosting Flowise keeps every prompt, every conversation, and every credential inside your own tenant. No third-party SaaS sees your customer data, your API keys, or your internal knowledge bases. Ideal for teams with data residency requirements, organisations operating under regulated frameworks (HIPAA, GDPR, ISO 27001), and AI labs that need full control over the inference path their agents take.

What this VM image adds

Security hardening:

• Per-instance admin password generated at first boot - 12-character credential that meets Flowise v3+ complexity requirements (uppercase, digit, special), unique to every deployment, written to /root/flowise-credentials.txt
• Persistent encryption secret per instance - 64-character random hex key seals the credentials store and node API keys; never the same on two deployments
• HTTP Basic auth gate enabled out of the box - no anonymous access to the builder
• Flowise bound to localhost only - the Node.js runtime listens on 127.0.0.1:3000, exposed externally only through the hardened Nginx reverse proxy on 80/443 (auto HTTP-to-HTTPS redirect, self-signed TLS pre-deployed)
• WebSocket-aware reverse proxy - streaming LLM responses work end-to-end through the proxy with extended 300s timeouts for long-running inference
• Flowise runs as non-root - dedicated flowise system user, no shell, locked home directory
• Vault data owned by flowise user - SQLite database, API keys, secret keys, and blob storage all 0750 with UMask=0027 enforced via systemd
• Telemetry disabled - DISABLE_FLOWISE_TELEMETRY=true
• Trivy CVE scan - every image is scanned with Trivy before release
• Trivy secret scan - blocks any image that ships with leaked credentials
• UFW firewall - only ports 80, 443, and 22 open
• fail2ban - SSH brute-force protection
• AppArmor - mandatory access control

OS hardening (CIS Level 1):

• CIS Level 1 hardened - CIS Ubuntu 24.04 LTS Level 1 Benchmark via ansible-lockdown
• auditd - system call auditing for critical paths
• SSH hardening - PasswordAuthentication disabled, key-only access
• Kernel hardening - SYN cookies, ASLR, rp_filter, TCP BBR
• /tmp as tmpfs - nosuid, nodev, noexec
• Azure IMDS endpoints - egress rules pre-configured (169.254.169.254, 168.63.129.16)

Compliance artifacts (inside the VM):

• SBOM - CycloneDX 1.6 at /etc/lynxroute/sbom.json
• CIS Conformance Report - OpenSCAP HTML at /etc/lynxroute/cis-report.html
• Tailored CIS profile - /usr/share/doc/lynxroute/CIS_TAILORED_PROFILE.md
• Credentials file - /root/flowise-credentials.txt with web UI URL and the per-instance admin password

Quick Start

1. Deploy VM from Azure Marketplace (Standard_D2s_v3 or larger recommended; Flowise pre-loads 1000+ integration modules at startup)
2. Open NSG: TCP 80 and 443 from your client networks - SSH 22 from your management IPs only
3. SSH: ssh -i key.pem <username>@<PUBLIC_IP> (username set during VM creation, default: azureuser)
4. Read connection details: sudo cat /root/flowise-credentials.txt - contains the web UI URL and the per-instance admin password
5. Open https://<PUBLIC_IP> - accept the self-signed certificate warning (replace with a CA-signed certificate via certbot for production), log in with the credentials from the file, then change the password from Account Settings

First boot takes 3-10 minutes to become fully responsive: the Node.js runtime cold-reads the entire integration module tree from disk and initialises the SQLite database. The Nginx proxy serves a friendly auto-refreshing wait page during that window. Subsequent restarts complete in under two minutes.