Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.flowx.ai/llms.txt

Use this file to discover all available pages before exploring further.

Prerequisites management

NGINX

For optimal operation the FlowX.AI Designer should use a separate NGINX load balancer from the FlowX Engine. This routing mechanism handles API calls from the SPA (single page application) to the backend service, to the engine and to various plugins. Here’s an example/suggestion of an NGINX setup:

For routing calls to plugins:

metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: GET, PUT, POST, DELETE, PATCH
    nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:4200,http://localhost:80,http://localhost:8080"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  name: flowx-admin-plugins-subpaths
spec:
  rules:
  - host: {{host}}
    http:
      paths:
      - path: /notification(/|$)(.*)
        backend:
          serviceName: notification
          servicePort: 80
      - path: /document(/|$)(.*)
        backend:
          serviceName: document
          servicePort: 80
  tls:
  - hosts:
    - {{host}}
    secretName: {{tls secret}}

For routing calls to the engine

Three different configurations are needed:
  1. For viewing the current instances of processes running in the Engine:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /api/instances/$2
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: GET, PUT, POST, DELETE, PATCH
    nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:4200,http://localhost:80,http://localhost:8080"
  name: flowx-admin-engine-instances
spec:
  rules:
  - host: {{host}}
    http:
      paths:
      - path: /api/instances(/|$)(.*)
        backend:
          serviceName: {{engine-service-name}}
          servicePort: 80
  1. For testing process definitions from the FLOWX Designer, route API calls and SSE communication to the Engine backend.
Setup for routing REST calls: 
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /api/$2
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: GET, PUT, POST, DELETE, PATCH
    nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:4200,http://localhost:80,http://localhost:8080"
  name: flowx-admin-engine-rest-api
spec:
  rules:
  - host: {{host}}
    http:
      paths:
      - path: /{{PROCESS_API_PATH}}/api(/|$)(.*)
        backend:
          serviceName: {{engine-service-name}}
          servicePort: 80
Setup for routing SSE communication: 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/cors-allow-headers: "<your_defaultCorsAllowHeaders_value>"
  name: flowx-public-subpath-events-rewrite
spec:
  rules:
  - host: {{host}}
    http:
      paths:
      - backend:
          service:
            name: events-gateway
            port:
              name: http
        path: /api/events(/|$)(.*)
  1. For accessing the REST API of the backend microservice
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: "4m"
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/cors-allow-methods: GET, PUT, POST, DELETE, PATCH
    nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:4200,http://localhost:80,http://localhost:8080"
  name: flowx-admin-api
spec:
  rules:
  - host: {{host}}
    http:
      paths:
        - path: /
          backend:
            serviceName: {{flowx-admin-service-name}}
            servicePort: 80
  tls:
  - hosts:
    - {{host}}
    secretName: {{tls secret}}

For configuring the SPA

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/affinity: cookie
  name: flowx-designer-spa
spec:
  rules:
  - host: {{host of web app}}
    http:
      paths:
      - backend:
          serviceName: {{flowx-designer-service-name}}
          servicePort: 80
  tls:
  - hosts:
    - {{host of web app}}
    secretName: {{tls secret}}

Steps to deploy Frontend app

The FlowX.AI Designer is an SPA application that is packaged in a docker image with nginx. The web application allows an authenticated user to administrate the FlowX platform. Environment variables are injected at container startup via envsubst.

Application configuration

Environment VariableDescriptionDefault Value
BASE_API_URLBackend API base URL (the host configured in the NGINX ingress)-
ADMIN_API_URLAdmin API URL, used for admin-specific backend calls-
PROCESS_API_PATHAPI path prefix for the process engine (e.g. /engine)-
STATIC_ASSETS_PATHPublic URL for static assets / media library CDN-
BASE_HREFHTML base href override for non-root deployments/
VERSIONApplication version string displayed in the UI-
ROOT_DOMAINRoot domain for the application-
COLLABORATION_POLLING_INTERVALPolling interval in milliseconds for collaboration features-
LEGACY_HTTP_VERSIONEnables legacy HTTP polling mode with SSE reconnect on page visibility changefalse

Authentication (OpenID Connect)

Environment VariableDescriptionDefault Value
KEYCLOAK_ISSUEROpenID Connect provider issuer URL (e.g. https://your-idp/auth/realms/realmName)-
KEYCLOAK_REDIRECT_URIOAuth redirect URI (URL of the SPA)-
KEYCLOAK_CLIENT_IDOAuth client ID-
KEYCLOAK_SCOPESOAuth scopes requested during authenticationopenid profile email
DEFAULT_ORGANIZATION_NAMEDefault organization name for login-
REQUIRE_HTTPSRequire HTTPS for OAuth communicationtrue
SHOW_DEBUG_INFORMATIONShow OAuth debug information in the browser consoletrue
DISABLE_AT_HASH_CHECKDisable at_hash claim validationfalse
SKIP_ISSUER_CHECKSkip OAuth issuer URL validation-
STRICT_DISCOVERY_DOCUMENT_VALIDATIONEnforce strict OIDC discovery document validation-

Troubleshooting

Common issues

Symptoms: 502 Bad Gateway or 404 errors when accessing the Designer.Solutions:
  1. Verify the ingress annotations are correct, especially rewrite-target paths
  2. Check that backend service names and ports match your Kubernetes service definitions
  3. Ensure CORS origins include all domains the Designer is accessed from
  4. Validate the host values in ingress rules match your DNS configuration
  5. Check NGINX controller logs for detailed routing errors: kubectl logs -n ingress-nginx <controller-pod>
Symptoms: Redirect loops, blank screens after login, or 401 errors.Solutions:
  1. Verify KEYCLOAK_ISSUER matches the realm URL exactly (including /auth/realms/<realm>)
  2. Ensure KEYCLOAK_REDIRECT_URI matches the SPA URL configured in the Keycloak client
  3. Check that the Keycloak client ID (KEYCLOAK_CLIENT_ID) exists and is enabled
  4. Confirm the Keycloak client has the correct redirect URIs and web origins configured
  5. Clear browser cookies and local storage, then try again
Symptoms: Real-time updates not working, SSE events not received, process testing hangs.Solutions:
  1. Verify the SSE ingress configuration routes /api/events to the events-gateway service
  2. Check that nginx.ingress.kubernetes.io/cors-allow-headers includes required headers
  3. Ensure the events-gateway service is running and healthy
  4. Confirm network policies allow traffic from the Designer ingress to the events-gateway pod
  5. Check for proxy timeout settings that may terminate long-lived connections

Ingress Configuration

Configure routing, CORS, and TLS for FlowX services

IAM Configuration

Identity and access management setup
Last modified on April 24, 2026