Troubleshooting FAQ
Solutions to common issues encountered when running Hawkra.
Services won't start
If one or more services fail to start after running docker compose up -d, work through the following checks:
Check the logs for the failing service:
docker compose logs <service-name>
Replace <service-name> with backend, frontend, postgres, redis, or caddy.
Verify your environment file:
Ensure your .env file contains all required variables. Missing or malformed values (especially DATABASE_URL, ENCRYPTION_MASTER_KEY, and JWT_SECRET) will prevent the backend from starting.
Check for port conflicts:
Caddy binds to ports 80 and 443 by default. If another process is using these ports, Caddy will fail to start:
sudo lsof -i :80
sudo lsof -i :443
Stop any conflicting services or change the port mapping in docker-compose.yml.
Check available disk space:
df -h
Docker requires sufficient disk space for images, volumes, and container logs. If the disk is full, services may fail to start or behave unpredictably.
Can't connect to the web interface
- Verify all services are running:
docker compose ps - Check DNS resolution (or add an entry to
/etc/hostsfor local testing) - Verify firewall allows inbound on ports 80 and 443:
sudo firewall-cmd --list-portsorsudo ufw status - Try accessing directly via IP to isolate DNS issues
Database connection errors
- Check PostgreSQL health:
docker compose ps postgres(should showUp (healthy)) - Check logs if unhealthy:
docker compose logs postgres - Verify
DATABASE_URLformat:postgres://hawkra:your_password@postgres:5432/hawkra(hostname must bepostgres, notlocalhost) - Check disk space on the volume (
df -h)
Scans not running
If network scans (WingSpan Scanner) fail to execute or return no results:
Verify container capabilities:
The backend container requires NET_RAW and NET_ADMIN capabilities for raw socket access. Check that your docker-compose.yml includes:
cap_add:
- NET_RAW
- NET_ADMIN
Verify nmap is available:
docker compose exec backend which nmap
If nmap is not found, the container image may be corrupted. Pull a fresh image with docker compose pull backend.
Check network reachability:
The backend container must be able to reach target networks. If targets are on a different subnet, you may need to configure Docker networking or add the backend to the appropriate network.
Email not sending
If Hawkra is not sending emails (invitations, password resets, notifications):
Verify SMTP settings:
Check that your SMTP configuration is correctly set in the admin dashboard under email settings. Required fields include the SMTP host, port, username, and password.
Check backend logs for SMTP errors:
docker compose logs backend | grep -i smtp
Look for authentication failures, connection timeouts, or TLS errors.
Verify outbound connectivity:
Ensure your server's firewall allows outbound connections on the SMTP port (typically 587 for TLS or 465 for SSL):
telnet smtp.your-provider.com 587
Test with a known-good configuration:
If you are unsure about your SMTP provider's settings, test with a well-documented provider like Gmail (using an app password) or Amazon SES to rule out provider-specific issues.
AI features not working
If Ask AI or other AI-powered features return errors or do not respond:
Verify your API key:
In the admin dashboard, navigate to AI Configuration and confirm that a valid API key is set. For cloud mode, this is a Google Gemini API key.
Check the LLM mode:
The LLM_MODE setting determines whether Hawkra uses a cloud provider or a local LLM server. Verify this is set correctly for your deployment.
Check backend logs for AI errors:
docker compose logs backend | grep -i "ai\|llm\|gemini"
Look for authentication errors (invalid API key), rate limit messages, or network connectivity issues.
For local LLM deployments:
Verify your LLM server is running and accessible from the backend container. The backend must be able to reach the LLM server's API endpoint on the configured port.
License upload fails
If uploading a license file through the admin dashboard fails:
Verify file integrity:
Ensure the license file was not corrupted or truncated during download. Re-download it from hawkra.io and try again.
Check the expiry date:
An expired license will be rejected on upload. Verify the license has not already passed its expiry date.
Confirm admin privileges:
Only the admin user can upload licenses. Ensure you are logged in with the account that has administrative access.
Re-download and retry:
If the file appears correct but still fails, delete the downloaded file, clear your browser cache, and download a fresh copy from your hawkra.io account.
Forgot admin password
The initial admin password is generated automatically during the first backend startup and printed to the logs.
Check the startup logs:
docker compose logs backend | grep -i "admin password"
If container logs have been rotated or the containers have been recreated multiple times, the original log entry may no longer be available. In that case, you will need to reset the admin password directly in the database.
High memory usage
Check usage with docker stats --no-stream. Adjust the backend memory limit in your docker-compose file if needed.
WebSocket connection issues
If real-time features (chat, live scan updates) are not working:
Verify Caddy proxying:
Ensure your Caddy configuration proxies WebSocket paths (/ws/*) to the backend service. WebSocket connections require proper upgrade headers to be forwarded.
Check CORS configuration:
Verify that the CORS_ALLOWED_ORIGINS environment variable in your .env file includes your domain (including the protocol):
CORS_ALLOWED_ORIGINS=https://hawkra.yourdomain.com
Check browser console:
Open your browser's developer tools and look for WebSocket connection errors in the console. Common issues include mixed content (trying to connect via ws:// on an https:// page) and CORS rejections.