diff --git a/Dockerfile b/Dockerfile
index c26c4462c6..09be222da0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,7 +15,7 @@ RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \
 supervisor curl cron certbot nginx gnupg wget netcat openssh-client \
 software-properties-common gettext openjdk-11-jre \
- python3-pip python-setuptools git \
+ python3-pip python-setuptools git ca-certificates-java \
 && pip install --no-cache-dir git+https://github.com/coderanger/supervisor-stdout@973ba19967cdaf46d9c1634d1675fc65b9574f6e \
 && apt-get remove -y git python3-pip
diff --git a/app/server/appsmith-plugins/restApiPlugin/src/main/java/com/external/plugins/RestApiPlugin.java b/app/server/appsmith-plugins/restApiPlugin/src/main/java/com/external/plugins/RestApiPlugin.java
index ed9051bdd9..4021e606ee 100644
--- a/app/server/appsmith-plugins/restApiPlugin/src/main/java/com/external/plugins/RestApiPlugin.java
+++ b/app/server/appsmith-plugins/restApiPlugin/src/main/java/com/external/plugins/RestApiPlugin.java
@@ -322,6 +322,11 @@ public class RestApiPlugin extends BasePlugin {
 sslContextSpec.sslContext(sslContextSpec1);
 });
+ if ("true".equals(System.getProperty("java.net.useSystemProxies"))
+ && (!System.getProperty("http.proxyHost", "").isEmpty() || !System.getProperty("https.proxyHost", "").isEmpty())) {
+ httpClient = httpClient.proxyWithSystemProperties();
+ }
+
 WebClient.Builder webClientBuilder = WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient));
 // Adding headers from datasource
diff --git a/deploy/docker/entrypoint.sh b/deploy/docker/entrypoint.sh
index 5031e9942d..dbb50f397b 100755
--- a/deploy/docker/entrypoint.sh
+++ b/deploy/docker/entrypoint.sh
@@ -2,7 +2,9 @@
 set -e
-function get_maximum_heap(){
+stacks_path=/appsmith-stacks
+
+function get_maximum_heap() {
 resource=$(ulimit -u)
 echo "Resource : $resource"
 if [[ "$resource" -le 256 ]]; then
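Review bot: In RestApiPlugin.java the new proxy branch has no comment tying it to the launcher, and the coupling is not obvious from the Java side: run-java.sh always passes `-Djava.net.useSystemProxies=true` and passes `-Dhttp.proxyHost=""` / `-Dhttps.proxyHost=""` even when no proxy is configured, so the two `isEmpty()` checks are what actually decide whether REST datasource traffic is proxied. I would add `// Proxy settings arrive as JVM system properties from deploy/docker/scripts/run-java.sh; the hosts are empty strings when no proxy is configured.` above the `if`. It is also worth confirming (not visible in this hunk) that `http.nonProxyHosts` is honoured by this client, since datasource URLs that point at internal hosts would otherwise be handed to the external proxy. The enclosing method starts and ends outside the hunk.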
@@ -12,7 +14,7 @@ function get_maximum_heap(){
 fi
 }
-function setup_backend_heap_arg(){
+function setup_backend_heap_arg() {
 if [[ ! -z ${maximum_heap} ]]; then
 export APPSMITH_JAVA_HEAP_ARG="-Xmx${maximum_heap}m"
 fi
@@ -25,7 +27,7 @@ init_env_file() {
 # Build an env file with current env variables. We single-quote the values, as well as escaping any single-quote characters.
 printenv | grep -E '^APPSMITH_|^MONGO_' | sed "s/'/'\"'\"'/; s/=/='/; s/$/'/" > "$TEMPLATES_PATH/pre-define.env"
-
+
 echo "Initialize .env file"
 if ! [[ -e "$ENV_PATH" ]]; then
 # Generate new docker.env file when initializing container for first time or in Heroku which does not have persistent volume
@@ -59,6 +61,24 @@ init_env_file() {
 set +o allexport
 }
+setup_proxy_variables() {
+ export NO_PROXY="${NO_PROXY-localhost,127.0.0.1}"
+
+ # If one of HTTPS_PROXY or https_proxy are set, copy it to the other. If both are set, prefer HTTPS_PROXY.
+ if [[ -n ${HTTPS_PROXY-} ]]; then
+ export https_proxy="$HTTPS_PROXY"
+ elif [[ -n ${https_proxy-} ]]; then
+ export HTTPS_PROXY="$https_proxy"
+ fi
+
+ # If one of HTTP_PROXY or http_proxy are set, copy it to the other. If both are set, prefer HTTP_PROXY.
+ if [[ -n ${HTTP_PROXY-} ]]; then
+ export http_proxy="$HTTP_PROXY"
+ elif [[ -n ${http_proxy-} ]]; then
+ export HTTP_PROXY="$http_proxy"
+ fi
+}
+
 unset_unused_variables() {
 # Check for enviroment vairalbes
 echo "Checking environment configuration"
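Review bot: `setup_proxy_variables` mirrors `HTTP_PROXY` and `HTTPS_PROXY` between their upper- and lower-case spellings but leaves `no_proxy` out, so an operator who sets only lower-case `no_proxy` gets `NO_PROXY` forced to the default and the two bypass lists disagree between tools that read different spellings. A user-supplied `NO_PROXY` also replaces `localhost,127.0.0.1` instead of extending it, which would presumably route the container's own loopback calls to the external proxy. I would write `export NO_PROXY="${NO_PROXY-${no_proxy-localhost,127.0.0.1}}"` followed by `export no_proxy="$NO_PROXY"`, and add a comment stating whether loopback is meant to be exempt in every configuration.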
@@ -172,6 +192,42 @@ mount_letsencrypt_directory() {
 ln -s /appsmith-stacks/letsencrypt /etc/letsencrypt
 }
+is_empty_directory() {
+ [[ -d $1 && -z "$(ls -A "$1")" ]]
+}
+
+check_setup_custom_ca_certificates() {
+ local stacks_ca_certs_path
+ stacks_ca_certs_path="$stacks_path/ca-certs"
+
+ local container_ca_certs_path
+ container_ca_certs_path="/usr/local/share/ca-certificates"
+
+ if [[ -d $stacks_ca_certs_path ]]; then
+ if [[ ! -L $container_ca_certs_path ]]; then
+ if is_empty_directory "$container_ca_certs_path"; then
+ rmdir -v "$container_ca_certs_path"
+ else
+ echo "The 'ca-certificates' directory inside the container is not empty. Please clear it and restart to use certs from 'stacks/ca-certs' directory." >&2
+ return
+ fi
+ fi
+
+ ln --verbose --force --symbolic --no-target-directory "$stacks_ca_certs_path" "$container_ca_certs_path"
+
+ elif [[ ! -e $container_ca_certs_path ]]; then
+ rm -vf "$container_ca_certs_path" # If it exists as a broken symlink, this will be needed.
+ mkdir -v "$container_ca_certs_path"
+
+ fi
+
+ if [[ -n "$(ls "$stacks_ca_certs_path"/*.pem 2>/dev/null)" ]]; then
+ echo "Looks like you have some '.pem' files in your 'ca-certs' folder. Please rename them to '.crt' to be picked up autatically.".
+ fi
+
+ update-ca-certificates --fresh
+}
+
 configure_supervisord() {
 SUPERVISORD_CONF_PATH="/opt/appsmith/templates/supervisord"
 if [[ -n "$(ls -A /etc/supervisor/conf.d)" ]]; then
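Review bot: `check_setup_custom_ca_certificates` makes the container's system trust store follow whatever is in `$stacks_path/ca-certs` on every start, yet nothing in the function records which certificates were picked up, so a root CA placed in the mounted volume becomes trusted for outbound TLS without a line in the startup log naming it. I would list the inputs just before the refresh, e.g. `find -L "$container_ca_certs_path" -name '*.crt' -exec ls -l {} +`, and state in a header comment that write access to the stacks volume amounts to control over the trusted roots. Two smaller points in the same hunk: the '.pem' hint misspells `autatically` and carries a stray `.` after the closing quote, and the early `return` for a non-empty directory skips `update-ca-certificates` without saying so in the message.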
@@ -218,19 +274,25 @@ check_redis_compatible_page_size() {
 # Main Section
 init_env_file
+setup_proxy_variables
 unset_unused_variables
+
 check_mongodb_uri
 if [[ -z "${DYNO}" ]]; then
 # Don't run MongoDB if running in a Heroku dyno.
 init_mongodb
 init_replica_set
-else
+else
 # These functions are used to limit heap size for Backend process when deployed on Heroku
 get_maximum_heap
 setup_backend_heap_arg
 fi
+
+check_setup_custom_ca_certificates
 mount_letsencrypt_directory
+
 check_redis_compatible_page_size
+
 configure_supervisord
 CREDENTIAL_PATH="/etc/nginx/passwords"
diff --git a/deploy/docker/scripts/run-java.sh b/deploy/docker/scripts/run-java.sh
index 416a668864..11e8dabddc 100755
--- a/deploy/docker/scripts/run-java.sh
+++ b/deploy/docker/scripts/run-java.sh
@@ -1,4 +1,38 @@
 #!/bin/bash
+set -o errexit
+set -o pipefail
+set -o nounset
+
+http_proxy_host=""
+http_proxy_port=""
+https_proxy_host=""
+https_proxy_port=""
+
+if [[ ${HTTP_PROXY-} =~ ^http://(.*):(.*)$ ]]; then
+ http_proxy_host="${BASH_REMATCH[1]}"
+ http_proxy_port="${BASH_REMATCH[2]}"
+fi
+
+if [[ ${HTTPS_PROXY-} =~ ^http://(.*):(.*)$ ]]; then
+ https_proxy_host="${BASH_REMATCH[1]}"
+ https_proxy_port="${BASH_REMATCH[2]}"
+fi
+
+if ! isset NO_PROXY; then
+ # A default for this value is set in entrypoint.sh script.
+ NO_PROXY=""
+fi
+
 # Ref -Dlog4j2.formatMsgNoLookups=true https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot
-exec java ${APPSMITH_JAVA_ARGS:-} ${APPSMITH_JAVA_HEAP_ARG:-} -Dserver.port=8080 -Djava.security.egd=file:/dev/./urandom -Dlog4j2.formatMsgNoLookups=true -jar server.jar
\ No newline at end of file
+exec java ${APPSMITH_JAVA_ARGS:-} ${APPSMITH_JAVA_HEAP_ARG:-} \
+ -Dserver.port=8080 \
+ -Djava.security.egd=file:/dev/./urandom \
+ -Dlog4j2.formatMsgNoLookups=true \
+ -Djava.net.useSystemProxies=true \
+ -Dhttp.proxyHost="$http_proxy_host" \
+ -Dhttp.proxyPort="$http_proxy_port" \
+ -Dhttps.proxyHost="$https_proxy_host" \
+ -Dhttps.proxyPort="$https_proxy_port" \
+ -Dhttp.nonProxyHosts="${NO_PROXY/,/|}" \
+ -jar server.jar
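Review bot: `isset` is not a bash builtin and is not defined in this script (the hunk shows the whole file), so unless it is exported from elsewhere `if ! isset NO_PROXY` fails with command-not-found, the negation makes the branch run, and `NO_PROXY` is reset to the empty string on every start, which means the default exported by entrypoint.sh never reaches `-Dhttp.nonProxyHosts`. Replace the block with `NO_PROXY="${NO_PROXY-}"`, and use `"${NO_PROXY//,/|}"` in the `nonProxyHosts` argument, since the single-slash form rewrites only the first comma. The proxy regex is also loose: it accepts only `http://` URLs, and for a value such as `http://user:pass@host:3128/` (constructed example) the greedy groups would put the credentials into `-Dhttp.proxyHost` on the java command line and the trailing slash into the port, so I would tighten it to something like `^https?://([^/:@]+):([0-9]+)/?$` and print a warning to stderr when a proxy variable is set but does not match.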