Skip to main content


This page provides guidance on configuring and enabling external network access for a self-hosted Appcircle server and runner.

When deploying a self-hosted Appcircle server and runner, there are scenarios where the application needs to establish connections to external resources over the network. These connections are required to download operating system dependencies, pull Docker images from registries, or access external services such as mobile application build dependencies.

Enabling external network access is essential to ensuring the smooth operation and functionality of self-hosted applications. By establishing connections to external resources, self-hosted applications can access the necessary components, data, and services that are vital for their execution.

You can see different scenarios below according to how you want to install the Appcircle server and runner.


If you are hosting a yum or apt package repository locally on your network, you do not need to allow external domains for RHEL and Ubuntu repos.

Appcircle Server Install and Update

Below you can find the network access details required when installing or upgrading a self-hosted Appcircle server.

This section covers the external resource domains during the installation process of the Appcircle Server on the RHEL distribution using Podman.

podman-compose tool:
  • You must download the podman-compose tool from python pip repositories.
System tools:
  • The Appcircle server requires some tools to be installed.

  • These tools are tar, curl, unzip and Podman.

  • If you are hosting a yum repository locally on your network, you don't need these URLs.
If you are an enterprise-licensed or PoC customer, Appcircle server zip package:
  • If you are an enterprise-licensed or PoC customer and want to install or update the Appcircle server, the Appcircle server host needs to access this URL to download the Appcircle server zip package.

  • If you want to download the zip package and copy it manually (with scp or ftp), then the Appcircle server host doesn't need this access.
If you don't have a proxy registry like Harbor or Nexus, and want to use container images directly from Appcircle:
  • If you have your own proxy registry and want to mirror the Appcircle container images, then your Appcircle server doesn't need to access the origin container image registry directly.

  • If you don't have an image registry, the Appcircle server needs to access this URL.
If you want to install the Appcircle server using offline packages:
  • If you want to install the Appcircle server without an internet connection, a zip package should be downloaded and transferred to the Appcircle server host.

  • This zip package can be downloaded from another host and transferred to the actual Appcircle server. If you plan to do that, the Appcircle server doesn't need to access these URLs.

Appcircle Runner Install as Ready-to-Use MacOS Virtual Machine

This section covers the external resource domains during the installation process of the Appcircle runner using an Appcircle-provided virtual machine.

  • homebrew tool (required):

Homebrew installs the latest version of Xcode Command Line Tools as a dependency. * domains are used for that purpose.

  • tart tool (required):

Tart is a registered trademark of Cirrus Labs, Inc.

Homebrew gathers anonymous analytics using InfluxDB. The below domains are related to Homebrew analytics when installing a package via the brew command.


If you don't want to enable these URLs or you aren’t comfortable with this, you can opt out of Homebrew analytics by following the instructions here.

  • macOS VM image and the runner starter script (required):
  • macOS VM install script (required if you prefer automatic installation):

Appcircle Server Runtime

Although Appcircle runners are responsible for the submission of iOS apps to the App Store, the server also has some features that need access to the App Store Connect API, like runners.

For example, get devices from the App Store, get certificates or provisioning profiles, verify the uploaded certificates, etc.

So, you should enable the below API access on the server for those features:


Appcircle Runner Runtime

This section addresses the utilization of external resources during the build, publish, store submit, and other processes on the Appcircle runner.

Appcircle Server

Appcircle runners should access the self-hosted Appcircle server to get jobs and send artifacts.


Be aware that the URLs below should be the URLs of the self-hosted Appcircle server in your organization.

Below are the sample URLs that show the required subdomains compatible with the sample configuration in the installation documents.


Appcircle runners connect to the self-hosted Appcircle server over the ports below:

If your self-hosted server is configured as HTTPS:

  • 443

If your self-hosted server is configured as HTTP:

  • 80
  • 6379


Appcircle’s workflow components are hosted on GitHub and they're git cloned while running the pipeline.


Some of the dependencies such as CocoaPods and Fastlane use Ruby Gems.


The Gradle wrapper needs access to the below URL to download Gradle.


Android Build Tools need access to the following URLs to download new build tools and NDKs:


All the maven repositories inside build.gradle must be added to the allow-list.

For example;


If you’re using CocoaPods and if your Podfile is using another spec repository, they also must be allowed.


Testing Distribution



App Center:


Store Submit

Google Play


Huawei AppGallery


Please be aware that the subdomain above (developerfile7) may change in the future, and it is dynamically returned by the endpoint.

App Store


The Apple App Store connects to several endpoints during upload.

Those endpoints are documented at here. The endpoints may change in the future.

ServerIP AddressTCP PortUDP Port