Self-Hosted Proxy Server: Setup Guide (Squid, HAProxy, 3proxy)

Running your own proxy server gives you full control over routing, logging, authentication, and costs. While commercial proxy services provide residential IPs, self-hosted proxies on VPS or dedicated servers offer datacenter IPs at a fraction of the cost with unlimited bandwidth.

Choosing a Proxy Server

Server	Best For	Complexity	Features
Squid	Full-featured HTTP proxy	Medium	Caching, ACLs, SSL bump
HAProxy	Load balancing, high perf	Medium	Health checks, stats
3proxy	Lightweight, simple	Low	Multi-protocol, small footprint
Nginx	Reverse proxy + forward	Medium	HTTP/2, modules
Tinyproxy	Minimal resource usage	Very Low	Basic HTTP proxy

Squid Setup

# Install
sudo apt update && sudo apt install squid -y

# Backup original config
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

# /etc/squid/squid.conf — Production configuration

# Network
http_port 3128
visible_hostname proxy.example.com

# Authentication
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5
auth_param basic realm Proxy Authentication
auth_param basic credentialsttl 2 hours

acl authenticated proxy_auth REQUIRED
http_access allow authenticated
http_access deny all

# Performance
maximum_object_size 512 MB
cache_mem 256 MB
cache_dir ufs /var/spool/squid 10000 16 256

# Security
forwarded_for off
request_header_access Via deny all
request_header_access X-Forwarded-For deny all

# DNS
dns_nameservers 1.1.1.1 8.8.8.8

# Logging
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log

# Create users
sudo apt install apache2-utils -y
sudo htpasswd -c /etc/squid/passwords myuser

# Start Squid
sudo systemctl restart squid
sudo systemctl enable squid

# Test
curl -x http://myuser:mypassword@your-server:3128 https://httpbin.org/ip

3proxy Setup (Lightweight)

# Install 3proxy
sudo apt install 3proxy -y
# Or compile from source:
# git clone https://github.com/3proxy/3proxy && cd 3proxy && make -f Makefile.Linux

# /etc/3proxy/3proxy.cfg

# DNS
nscache 65536
nserver 1.1.1.1
nserver 8.8.8.8

# Timeouts
timeouts 1 5 30 60 180 1800 15 60

# Logging
log /var/log/3proxy/3proxy.log D
logformat "- +_L%t.%.  %N.%p %E %U %C:%c %R:%r %O %I %h %T"

# Users (user:CL:password)
users myuser:CL:mypassword
users scraper1:CL:scr4p3rP@ss

# Access control
allow myuser,scraper1

# HTTP proxy
proxy -p3128 -a

# SOCKS5 proxy
socks -p1080 -a

# HTTPS CONNECT proxy
proxy -p3129 -a

# Start 3proxy
sudo systemctl start 3proxy

# Test HTTP proxy
curl -x http://myuser:mypassword@your-server:3128 https://httpbin.org/ip

# Test SOCKS5
curl --socks5 myuser:mypassword@your-server:1080 https://httpbin.org/ip

HAProxy as Forward Proxy

# /etc/haproxy/haproxy.cfg

global
    log /dev/log local0
    maxconn 10000
    user haproxy
    group haproxy

defaults
    mode http
    timeout connect 10s
    timeout client 30s
    timeout server 30s
    option httplog

frontend proxy_frontend
    bind *:3128
    mode http
    
    # Basic auth
    acl auth_ok http_auth(users)
    http-request auth unless auth_ok
    
    # Forward proxy mode
    http-request set-header X-Forwarded-For %[src]
    default_backend proxy_backend

backend proxy_backend
    mode http
    server target 0.0.0.0:0

userlist users
    user myuser insecure-password mypassword

Security Hardening

# Firewall — only allow proxy port
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow 3128/tcp  # Proxy port
sudo ufw enable

# Fail2ban for proxy auth
sudo apt install fail2ban -y
# Add squid jail to /etc/fail2ban/jail.local

# SSL/TLS for proxy connection
# Generate self-signed cert
openssl req -x509 -newkey rsa:4096 -keyout proxy.key -out proxy.crt -days 365 -nodes

# Rate limiting in Squid
delay_pools 1
delay_class 1 2
delay_parameters 1 64000/64000 8000/8000
delay_access 1 allow authenticated

Internal Links

Building a Proxy Server from Scratch — understand the internals
Proxy Server Architecture — design patterns
Building Your Own Rotating Proxy Pool — add IP rotation
Docker for Web Scraping — containerize your proxy
IPv6 Proxy Support — add IPv6 to your setup

FAQ

Which VPS provider is best for hosting a proxy server?

Vultr, DigitalOcean, and Hetzner offer good options. Hetzner provides the cheapest dedicated servers in Europe. For US-based proxies, Vultr and DigitalOcean have wide datacenter coverage. Choose a provider with multiple datacenter locations for geographic diversity.

How much does a self-hosted proxy cost?

A basic VPS ($5-10/month) can run a proxy server with unlimited bandwidth. Dedicated servers ($30-80/month) offer better performance. Compare this to commercial datacenter proxies at $0.50-2/IP/month — self-hosting is cheaper if you need few IPs with high bandwidth.

Will websites detect my self-hosted proxy IPs?

Datacenter IPs are easier to detect than residential IPs. Many anti-bot services maintain databases of datacenter IP ranges. Self-hosted proxies work well for sites without aggressive anti-bot measures. For protected sites, use commercial residential proxies.

Can I run multiple proxy servers behind a load balancer?

Yes. Use HAProxy or Nginx as a frontend load balancer distributing traffic across multiple proxy servers. This provides redundancy and increased throughput. Each backend proxy can have different exit IPs.

How do I monitor my proxy server’s health?

Use Squid’s built-in stats (cachemgr.cgi), HAProxy’s stats page, or export metrics to Prometheus/Grafana. Monitor connection counts, bandwidth usage, error rates, and response times. Set up alerts for high error rates or connection exhaustion.