Help

Troubleshooting

Name: AuthMe
Author: AuthMe

Diagnose and fix the most common issues when running AuthMe in development and production.

Jump to issue

1. Docker 2. Database 3. SMTP 4. CORS 5. Auth 6. LDAP 7. Themes 8. Migrations 9. Performance 10. Logging

Docker container fails to start

Docker

Container exits immediately with code 1

docker compose ps shows "Exited"

1
Run docker compose logs authme to see the startup error.
2
Ensure DATABASE_URL is set and the PostgreSQL container has finished initialising (add a healthcheck).
3
Confirm the PostgreSQL port (5432) is not blocked by another process.

Database connection refused

Database

PrismaClientInitializationError: Can't reach database

ECONNREFUSED on port 5432

1
Verify DATABASE_URL matches your PostgreSQL host, port, user, and database name.
2
When running with Docker Compose, use the service name as hostname (e.g. postgresql://authme:authme@db:5432/authme).
3
Run npm run prisma:migrate if this is a fresh install.

Emails are not being sent

SMTP

Email verification link never arrives

Password reset silently fails

1
SMTP is configured per-realm in the Admin Console under the Email tab — not via environment variables.
2
Use the Test Email button to verify connectivity.
3
Check that your SMTP provider allows connections from your server IP, and that the port/TLS settings match (587 with STARTTLS is most common).

CORS errors in the browser

CORS

Access-Control-Allow-Origin missing

Preflight request blocked

1
Ensure BASE_URL is set to your exact public URL (no trailing slash).
2
Register your frontend origin as an allowed redirect URI on the OIDC client.
3
In the Admin Console, verify the Web Origins field on the client includes your frontend URL or * for development.

Token validation failures

Auth

401 Unauthorized on protected API routes

JWT verification error

1
Confirm the issuer in your SDK config matches the exact issuer in the AuthMe discovery document.
2
Check that the token has not expired (exp claim). Tokens are short-lived by default (5 minutes).
3
Rotate the signing keys only when necessary — old tokens signed with rotated keys will fail validation.

LDAP connection issues

LDAP

LDAP sync shows 0 users imported

Connection timeout during federation

1
Verify the LDAP host, port, and bind DN are correct in the realm's Identity Provider settings.
2
Test connectivity from inside the AuthMe container: docker exec -it authme_app ping ldap-host.
3
Check that your LDAP server supports the connection type selected (LDAP on 389 or LDAPS on 636).

Custom theme not applied

Themes

Theme changes have no effect

1
Themes are configured per-realm in the Admin Console under the Appearance tab.
2
Clear your browser cache after changing a theme — the CSS bundle is heavily cached.
3
Ensure the realm is saved after selecting the new theme.

Migration failures on upgrade

Migrations

P1001 migration lock timeout

Migration failed: relation already exists

1
Run npm run prisma:migrate manually after pulling a new version.
2
If a migration is stuck, check for a _prisma_migrations row with applied = false and resolve any conflicts.
3
Always back up your database before upgrading to a new major version.

Slow response times under load

Performance

Token endpoint p99 > 500 ms

High CPU on the AuthMe container

1
Scale horizontally: add more AuthMe replicas behind the Nginx load balancer (see the Deployment guide).
2
Add a pg_bouncer connection pooler in front of PostgreSQL to reduce connection overhead.
3
Tune THROTTLE_TTL and THROTTLE_LIMIT to prevent a single client from dominating.

Adjusting log verbosity

Logging

Too many verbose logs in production

Need more detail for debugging

1
Set NODE_ENV=production to suppress debug-level logs automatically.
2
To increase verbosity temporarily, set LOG_LEVEL=debug in your environment.
3
Pipe logs to a structured aggregator (Loki, Datadog, CloudWatch) using Docker's log driver.

Still stuck?

Check the GitHub issues or open a new one — the community is happy to help.

Open an Issue Back to Docs