Verify connectivity to cs.appsmith.com
Self-hosted Appsmith instances must reach cs.appsmith.com over outbound HTTPS for license validation, automatic updates, and other control-plane services managed by Appsmith. If your instance is behind a firewall, proxy, or restricted egress policy, use the steps below to confirm connectivity from inside the Appsmith runtime.
Whitelist the domain cs.appsmith.com for outbound HTTPS. Do not use IP-based whitelisting for this domain. See Security and Air-gapped Edition.
Docker
-
Connect to the Appsmith container as root:
docker exec -it -u root appsmith bash -
Test connectivity to the Appsmith control server:
curl -i -v https://cs.appsmith.com/api/v1/health
Kubernetes
-
Connect to an Appsmith pod:
kubectl exec -it -n <namespace> <appsmith-pod-name> -- bashReplace
<namespace>with your Appsmith namespace and<appsmith-pod-name>with the name of a running Appsmith pod. To list pods:kubectl get pods -n <namespace> -
Test connectivity to the Appsmith control server:
curl -i -v https://cs.appsmith.com/api/v1/health
Interpret the results
A successful connection returns an HTTP 200 response from the health endpoint. If the command times out, fails to resolve the hostname, or returns connection errors, your instance cannot reach cs.appsmith.com. Common causes include:
- Outbound HTTPS blocked by a firewall or security group
- Missing proxy configuration in a corporate network. See Configure HTTP/HTTPS Proxy.
- DNS resolution failures inside the container or pod
If connectivity fails and you are not using the dedicated air-gapped edition, resolve network access before expecting license validation or update features to work. For license-specific errors, see License and activation errors.