Skip to content

Troubleshooting

Terminal window
synctv --config /etc/synctv/synctv.yaml config show --output yaml
synctv --config /etc/synctv/synctv.yaml config validate
synctv --config /etc/synctv/synctv.yaml serve

Start with the first error. Later errors are often cascading failures.

Symptom or errorCauseAction
jwt.secret is a placeholder or too weakProduction still uses an example secretGenerate a strong secret and inject it through secret/env
opaque_server_setup_secret is empty or invalidOPAQUE long-lived secret is missingGenerate and preserve security.opaque_server_setup_secret
credential_encryption_key has invalid formatNot 64 hex charactersGenerate it with openssl rand -hex 32
required variable ... is missingProduction Compose is missing .env.postgres, .env.redis, or .env.synctvRun ./scripts/init-compose-env.sh
/health/ready is not 200Database, Redis, or startup dependency is not readyInspect readiness body and first startup log error
Browser CORS errorOrigin missing, path used as origin, or proxy blocks OPTIONSUse real origins only in server.cors_allowed_origins
gRPC Ingress fails but HTTP worksMissing separate gRPC Ingress or backend protocolSet nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
synctv system stats cannot connectmanagement endpoint, socket, TCP token, or env var mismatchCheck management.* and SYNCTV_MANAGEMENT_ENDPOINT
WebSocket 401/403Expired token/ticket, missing room membership, or rejected originRequest a new ticket and verify membership/origin
OAuth2 callback/state errorRedirect mismatch or multi-replica deployment without shared RedisMatch provider registration and configure Redis for replicas
WebAuthn/passkey failurerp_origin does not match the real HTTPS originFix webauthn.rp_origin and webauthn.rp_id
Range seek or proxy playback failureProvider headers are incomplete or upstream lacks RangeCheck Provider headers and upstream Accept-Ranges
Intermittent HLS 404 in multi-replica modePublisher node unreachable or HLS storage model mismatchUse publisher-node proxy, shared_file, or OSS
Terminal window
curl -i http://localhost:8080/health/ready

Success is HTTP 200. On failure, inspect the response body and service logs.

Terminal window
curl -i \
-X OPTIONS \
-H 'Origin: https://app.example.com' \
-H 'Access-Control-Request-Method: POST' \
http://localhost:8080/api/auth/opaque/login/start

The response should include:

Access-Control-Allow-Origin: https://app.example.com
Terminal window
curl -I -H 'Range: bytes=0-1023' 'https://upstream.example.com/video.mp4'

Range-capable upstreams usually return 206 Partial Content. If they return 200 OK, SyncTV bypasses slice cache and does not write full-body cache.

LayerCheckPage
ConfigurationEffective config, secrets, environment overrides, *_file pathsHow Configuration Works
DeploymentCompose env, Helm values, Services, Ingresses, Secret keysDocker Compose, Helm
AuthenticationSMTP, OAuth2 redirect, WebAuthn origin, 2FA, rate limitsSecurity Model, Email and OAuth2, WebAuthn
MediaProvider headers, Range, proxy, slice cache, HLS backendPlayback and Proxy Model
CapacityWebSocket, database pool, Redis, Provider, proxy bandwidth, livestreamingCapacity Planning, Metrics Catalog
  • SyncTV version and deployment method.
  • Output of synctv config show --output yaml. Review it for sensitive values before sharing.
  • Full synctv config validate error.
  • Rendered Compose/Helm Service, Ingress, ConfigMap, and Secret key names.
  • First service log error.
  • HTTP error requestId, status, and code.
  • Request path, method, status code, and required headers.