1

I use appsmith which os hosted on docker. I had no issues yesterday but when I logged in today, it would not work, stuck on a white screen

I can no longer reach out to Appsmith's license servers at cs.appsmith.com. I can demonstrate this by running this within the Appsmith container:

root@0436f43ca4d0:/opt/appsmith# curl -iv -m 10 https://cs.appsmith.com
Trying 3.136.102.67:443...
TCP_NODELAY set
After 4994ms connect time, move on!
connect to 3.136.102.67 port 443 failed: Connection timed out
Trying 3.17.92.160:443...
TCP_NODELAY set
After 2496ms connect time, move on!
connect to 3.17.92.160 port 443 failed: Connection timed out
Failed to connect to cs.appsmith.com port 443: Connection timed out
Closing connection 0
curl: (28) Failed to connect to cs.appsmith.com port 443: Connection timed out

Trying to curl https://google.com fails similarly, though with an error like this:

Immediate connect fail for 2a00:1450:4001:831::200e: Network is unreachable From a shell on the host, however, the connection works:

root@server:~# curl -iv -m 10 https://cs.appsmith.com
Trying 3.17.92.160:443...
TCP_NODELAY set
Connected to cs.appsmith.com (3.17.92.160) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server did not agree to a protocol
Server certificate:
subject: CN=*.appsmith.com
start date: Nov 4 00:00:00 2024 GMT
expire date: Dec 3 23:59:59 2025 GMT
subjectAltName: host "cs.appsmith.com" matched cert's "*.appsmith.com"
issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
SSL certificate verify ok.
GET / HTTP/1.1
Host: cs.appsmith.com
User-Agent: curl/7.68.0
Accept: /
Mark bundle as not supporting multiuse
< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; connect-src * 'self' blob: raw.githubusercontent.com .intercom.io wss://.intercom.io *.algolianet.com *.algolia.net api.segment.io *.sentry.io *.hotjar.com maps.googleapis.com fonts.googleapis.com www.gstatic.com fonts.gstatic.com appcdn.appsmith.com; img-src * data: blob:; media-src * data: blob:; style-src * 'self' 'unsafe-inline'; font-src * 'self' data:; frame-ancestors *; frame-src * data: blob:
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; worker-src 'self' blob:; connect-src * 'self' blob: raw.githubusercontent.com .intercom.io wss://.intercom.io *.algolianet.com *.algolia.net api.segment.io *.sentry.io *.hotjar.com maps.googleapis.com fonts.googleapis.com www.gstatic.com fonts.gstatic.com appcdn.appsmith.com; img-src * data: blob:; media-src * data: blob:; style-src * 'self' 'unsafe-inline'; font-src * 'self' data:; frame-ancestors *; frame-src * data: blob:
< Date: 2025年2月20日 16:32:07 GMT
Date: 2025年2月20日 16:32:07 GMT
< Expires: 0
Expires: 0
< Pragma: no-cache
Pragma: no-cache
< Referrer-Policy: no-referrer
Referrer-Policy: no-referrer
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
X-Frame-Options: DENY
< X-XSS-Protection: 0
X-XSS-Protection: 0
< Content-Length: 0
Content-Length: 0
< Connection: keep-alive
Connection: keep-alive
<
Connection #0 to host cs.appsmith.com left intact
It seems like all Docker containers are having this issue:

I turned off the Plesk Firewall and suddenly appsmith is able to make external connections

I havent touched the firewall or the server in a long time. I dont want to have to keep my firewall turned off. I want to be able to have the firewall turned on and for Docker to make external connections

I am not sure where to look in the firewall to see what may be causing the issue... none of the rules have changed

Another problem is, when I turn the firewall off, although appsmith works and can access the external network, there is still something preventing it from accessing the local DB to complete queries and pull information

asked Feb 20, 2025 at 22:34
2
  • Do you use Docker version 28? There is currently a bug in Docker 28 which was released yesterday causing network issues. I recommend downgrading to the latest version of Docker 27. Commented Feb 21, 2025 at 12:00
  • @JustRandom I seen there was an issue with the plesk update that was rolled out yesterday. I donk know if it's linked to the docker 28 update as plesk numbers the docker versions differently. They have it as 2.1.1 Commented Feb 21, 2025 at 18:25

1 Answer 1

0

I have to downgrade the docker to 27.5.1 to solve the issue:

https://forums.docker.com/t/docker-28-no-outgoing-network-on-ubuntu-22-with-plesk/146772/7

answered Feb 22, 2025 at 6:27
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.