authentik/website/docs/troubleshooting/forward_auth/general.mdx

---
title: General troubleshooting steps
---

import Tabs from "@theme/Tabs";
import TabItem from "@theme/TabItem";

## Set the log level to TRACE

Setting the log level to trace configures the outpost to trace-log all the headers given in forward auth requests.

This is helpful to confirm that certain required Headers are correctly forwarded from the reverse proxy.

### When using the embedded Outpost

Set the authentik log level to `TRACE`:

<Tabs
  groupId="platform"
  defaultValue="docker-compose"
  values={[
    {label: 'docker-compose', value: 'docker-compose'},
    {label: 'Kubernetes', value: 'kubernetes'},
  ]}>
  <TabItem value="docker-compose">
Add the following block to your `.env` file:

```shell
AUTHENTIK_LOG_LEVEL=trace
```

Afterwards, run `docker-compose up -d`.

  </TabItem>
  <TabItem value="kubernetes">
Add the following block to your `values.yml` file:

```yaml
authentik:
    log_level: trace
```

Afterwards, upgrade helm release.

  </TabItem>
</Tabs>

### When using a standard outpost

Edit the outpost settings and set `log_level: trace`. This setting should propagate to the outpost instances within a couple seconds.

## Ensure `/outpost.goauthentik.io` is accessible

Everything under `/outpost.goauthentik.io` should be publicly accessible, as URLs under this path are used for authentication.

To check this, run `curl -v https://app.company/outpost.goauthentik.io/ping`. A correct setup should contain output looking like this:

```
[...]
< HTTP/2 204
[...]
```