docker: add setup guide and fix .env.example defaults

[wosolcode]

Summary

This PR fixes a startup crash-loop that affects anyone deploying Flowise locally with Docker Compose, and adds a setup guide to prevent future confusion.

Problem

When docker compose up is run after cp .env.example .env without filling in path variables, Docker passes empty strings for DATABASE_PATH, LOG_PATH, BLOB_STORAGE_PATH, and SECRETKEY_PATH into the container. Flowise then crashes immediately with:

Error: ENOENT: no such file or directory, mkdir ''

The container enters a restart loop and never becomes healthy.

Changes

docker/.env.example

• Pre-fill all path variables to /root/.flowise — the container-side path of the existing ~/.flowise:/root/.flowise volume mount. This is the correct default and prevents the crash.
• Set SECRETKEY_STORAGE_TYPE=local and STORAGE_TYPE=local explicitly (were commented out).
• Enable LOG_LEVEL=info, DISABLE_FLOWISE_TELEMETRY=true, and APP_URL=http://localhost:3000 as working defaults.
• Mark the four auth secret tokens (JWT_AUTH_TOKEN_SECRET, JWT_REFRESH_TOKEN_SECRET, EXPRESS_SESSION_SECRET, TOKEN_HASH_SECRET) with <run: openssl rand -hex 32> placeholders so operators know they must be generated before starting.

docker/SETUP.md (new)

Step-by-step local deployment guide covering:

• Prerequisites
• .env configuration (which variables to set and why)
• Container startup and health verification
• First admin account creation via the API
• Stop / restart commands
• Quick-start guide for building a real LLM chatflow
• Data persistence layout of ~/.flowise
• Environment variables reference table

Testing

Verified on macOS with Docker Desktop:

1. cp .env.example .env + fill in the four secrets → docker compose up -d starts cleanly
2. curl http://localhost:3000/api/v1/ping → pong
3. Admin account registered via POST /api/v1/account/register
4. Chatflow created, read back, and listed via the REST API

---

Generated with Warp
Co-Authored-By: Oz oz-agent@warp.dev

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive Docker setup guide and updates the .env.example file with default paths to prevent startup failures caused by empty environment variables. The review feedback highlights a security concern regarding the use of placeholder strings for secret keys, suggesting they remain empty to ensure users provide unique, secure values during setup.

[gemini-code-assist]

Using <run: openssl rand -hex 32> as a default value for secrets is potentially risky. If a user copies the file without replacing these values, the application will run with these literal strings as secrets, which are publicly known. Since these are not path variables and won't trigger the mkdir crash described in the PR, it is safer to leave them empty. This forces the user to provide a secure value as intended by the setup guide.

JWT_AUTH_TOKEN_SECRET=
JWT_REFRESH_TOKEN_SECRET=

[gemini-code-assist]

As with the other auth secrets, it is safer to leave this empty rather than using a placeholder string that could be used as a literal secret if the user misses the instruction to replace it.

EXPRESS_SESSION_SECRET=

[gemini-code-assist]

As with the other auth secrets, it is safer to leave this empty rather than using a placeholder string that could be used as a literal secret if the user misses the instruction to replace it.

TOKEN_HASH_SECRET=