Troubleshooting

Common issues and how to fix them.

UniFi API Auth Errors

Use the local controller URL (e.g. https://192.168.1.1), not the Ubiquiti cloud URL.
The site ID must be the internal name (usually default), not the display name shown in the UniFi UI.
Use a Local Admin API key, not a cloud admin key. Create one in UniFi OS under Settings → Admins → Local Admin.
If you changed SECRET_KEY or POSTGRES_PASSWORD after initial setup, stored API keys become unrecoverable. Re-enter the UniFi API key in Settings.

Confirm your UniFi gateway's syslog is pointed at the Insights Plus host on UDP port 514.
Syslog must be enabled per firewall rule in the UniFi controller. Use the Settings → Firewall zone matrix to bulk-toggle syslog.
Check container logs for receiver errors:

docker logs unifi-log-insight --tail 100

Verify that UDP 514 is not blocked by a host firewall or already in use by another process.

docker exec unifi-log-insight ls -la /app/maxmind/

curl http://localhost:8090/api/health

docker exec unifi-log-insight cat /var/log/geoip-update.log

docker exec unifi-log-insight /app/geoip-update.sh

docker logs unifi-log-insight

docker compose down -v

Then start fresh with docker compose up -d.

Symptom	Fix
Connection refused	Verify DB_HOST, DB_PORT, and that the PostgreSQL server allows remote connections (check pg_hba.conf and listen_addresses)
Password authentication failed	Confirm DB_PASSWORD matches the database user's password. If using POSTGRES_PASSWORD as fallback, ensure DB_PASSWORD is set explicitly for external databases
Permission denied	The DB_USER must own or have full privileges on DB_NAME. Run GRANT ALL ON DATABASE ... TO ... as superuser
SSL required	Set DB_SSLMODE=require (or verify-ca / verify-full). Provide DB_SSLROOTCERT if the server uses a private CA
Health check shows unhealthy	Check container logs with docker logs. Verify the external database is reachable from the container network and credentials are correct