authentik/website/docs/troubleshooting/forward_auth/general.mdx

63 lines
1.5 KiB
Plaintext

---
title: General troubleshooting steps
---
import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";
## Set the log level to TRACE
Setting the log level to trace configures the outpost to trace-log all the headers given in forward auth requests.
This is helpful to confirm that certain required Headers are correctly forwarded from the reverse proxy.
### When using the embedded Outpost
Set the authentik log level to `TRACE`:
<Tabs
groupId="platform"
defaultValue="docker-compose"
values={[
{label: 'docker-compose', value: 'docker-compose'},
{label: 'Kubernetes', value: 'kubernetes'},
]}>
<TabItem value="docker-compose">
Add the following block to your `.env` file:
```shell
AUTHENTIK_LOG_LEVEL=trace
```
Afterwards, run `docker compose up -d`.
</TabItem>
<TabItem value="kubernetes">
Add the following block to your `values.yml` file:
```yaml
authentik:
log_level: trace
```
Afterwards, upgrade helm release.
</TabItem>
</Tabs>
### When using a standard outpost
Edit the outpost settings and set `log_level: trace`. This setting should propagate to the outpost instances within a couple seconds.
## Ensure `/outpost.goauthentik.io` is accessible
Everything under `/outpost.goauthentik.io` should be publicly accessible, as URLs under this path are used for authentication.
To check this, run `curl -v https://app.company/outpost.goauthentik.io/ping`. A correct setup should contain output looking like this:
```
[...]
< HTTP/2 204
[...]
```