Self-hosted proxy infrastructure: complete 2026 guide

Self-hosted proxy infrastructure is a category that ranges from “I run Squid in front of five purchased upstream proxies” to “I operate a 200-modem mobile proxy farm with ISP business contracts and four-9s uptime.” This guide is about the latter end of the spectrum: the build that actually saves money compared to buying from Bright Data or Oxylabs at scale, the operational reality of running it, and the break-even point where self-hosting starts paying off.

The numbers in this guide come from operating real proxy infrastructure on the SMP (Singapore Mobile Proxy) and similar farms in the Singapore-Malaysia region. The pricing, hardware choices, and ISP dynamics are 2026 reality. If you are scraping under 1 million pages per month, self-hosting is probably not worth it. Above 10 million, the unit economics are compelling. In between is the gray zone where it depends on your engineering capacity.

Why self-host

The case for self-hosted proxies in 2026:

Cost: at scale, self-hosted mobile proxies cost $0.30-$1 per GB versus $5-15/GB from premium vendors
Control: you choose the ISPs, IP ranges, geo distribution, and rotation behavior
Reliability: no upstream vendor outages affecting your business
Privacy: your traffic does not pass through a third-party gateway that logs everything
Customer billing: you can resell capacity if you have spare throughput

The case against:

Capex: hardware, racks, network equipment cost upfront ($50k+ for a serious build)
Opex: data plans, electricity, internet uplink, maintenance hours
ISP relationships: requires business contracts, sometimes legal entity in the country
24/7 ops: things break at 3am, you fix them
Capacity inflexibility: cannot quickly add 500 more IPs the way Bright Data can

Most teams should buy proxies. Self-hosting is for the small number of teams whose volume justifies the operational burden.

Architecture: the SMP-style mobile proxy farm

A typical mid-scale mobile proxy farm:

              + customers (scrapers, ad-verification, OSINT) +
                              |
                              | HTTPS to public IP
                              v
                  +-------------------------+
                  |   Edge proxy (Squid +   |
                  |   ProxySmart controller) |
                  +-------------------------+
                              |
                              | private 10.x routing
                              v
              +-------+-------+-------+-------+
              |       |       |       |       |
           server1 server2 server3 server4 ...
              |       |       |       |       |
              | USB  | USB  | USB  | USB  |
              v       v       v       v       v
            modem1  modem2  modem3  modem4  modem5  ...
            (LTE)  (LTE)  (LTE)  (LTE)  (LTE)
              |       |       |       |       |
              v       v       v       v       v
            ISP A    ISP B    ISP A    ISP C    ISP B   (carrier APNs)

Each modem produces one mobile IP via PPP-over-LTE through the carrier’s APN. The server hosts a process that exposes that modem as an HTTP/SOCKS5 port to the controller. The controller assigns ports to customers, handles rotation, and meters usage.

This pattern scales modularly: add a server with 50 modems, expose 50 more ports, customers see them as additional capacity. Each modem is one IP with full carrier-grade NAT obfuscation, which is the reason mobile IPs are valuable for scraping (they look like millions of real users sharing the carrier’s NAT pool).

Hardware: per-server build

Per-server hardware for a 50-modem build:

component	spec	purpose
chassis	4U server, 12-bay or rackmount mining frame	physical housing
CPU	Intel i5-12500 or Ryzen 5 5600	enough for 50 modem PPP daemons
RAM	32 GB DDR4	one PPP daemon per modem, ~500 MB each
storage	500 GB NVMe SSD	OS, logs, modem state
USB hubs	4x 16-port industrial USB 3.0 hubs	64 USB ports total
modems	50x Huawei E3372 or similar 4G/LTE dongles	the actual modems
SIM cards	50x carrier SIMs with data plans	network access
network	2x 1 Gbit Ethernet (LACP)	uplink to switch
PSU	redundant 850W	reliability

Cost per server: roughly $4,000-6,000 in hardware plus $300-500/month in SIM data plans (varies by country and plan size).

For the full multi-server build:

4-server cluster: ~$20,000 hardware + $1,500/month opex
Yields 200 mobile IPs
Throughput: ~10 Mbit/s per modem aggregate, so 2 Gbit/s peak across the farm
Bandwidth budget: usually 50-200 GB per modem per month (carrier-dependent)

Modems are the failure-prone component. Plan for 5-10% modem replacement per year. Keep spare modems and SIMs on hand.

Software stack

Each server runs:

Linux: Ubuntu 22.04 LTS or 24.04 LTS (most modem driver compatibility)
PPP daemon: pppd per modem with carrier-specific APN config
ProxySmart: per-modem HTTP/SOCKS proxy daemon exposing the PPP IP as a port
Controller agent: communicates with the central controller for port assignment, rotation, telemetry

ProxySmart specifically wraps each modem’s PPP interface and exposes it as an HTTP CONNECT proxy. Customers connect to a port (e.g., server2.example.com:8123) and traffic egresses through the modem’s mobile IP.

For DNS within the proxy farm, run a local resolver (unbound or dnsmasq) so that DNS queries do not leak to ISP resolvers, which can throttle or log them.

Network: ISP business contracts

The hardest part of self-hosting mobile proxies is not the technology, it is the SIM card supply. Personal-line carriers throttle or terminate SIMs that are clearly used for proxying. You need:

Business SIM contracts: a corporate account with 50+ lines, possibly negotiated bulk pricing
Data plans: typically 100-200 GB/month per line, billed as a corporate package
APN access: business APN (sometimes different from consumer APN)
Rotating contract terms: some carriers prohibit “automation” in their AUP; you need terms that allow this use

Country-specific dynamics in 2026:

region	ISP-friendliness	typical contract
Singapore	high (Singtel, Starhub, M1 all have business plans)	$30-50 per 100 GB
Malaysia	medium (Maxis, Digi, Celcom; some restrictions)	$20-40 per 100 GB
Indonesia	medium (Telkomsel, Indosat; data caps strict)	$15-30 per 100 GB
Thailand	high (AIS, Truemove, dtac all have plans)	$25-45 per 100 GB
US	low (Verizon, AT&T, T-Mobile have hostile AUPs)	$40-80 per 100 GB
Europe	varies (Vodafone, Orange friendlier; Telekom hostile)	$20-50 per 100 GB

Without a business relationship, the SIMs get shut down within weeks of heavy use. With a relationship, they last months or years.

Carrier rotation: rebooting modems for fresh IPs

Mobile IPs rotate on PPP reconnection. To get a new IP:

Send AT command to modem to reset
Wait for PPP to drop and reestablish
New IP is assigned by the carrier

Time to rotate: 10-30 seconds per modem. Customers see this as a “rotate” API call that returns a new IP within 30 seconds.

# Sketch of modem rotation script
import subprocess
import time

def rotate_modem(modem_id: int) -> str:
    # Send AT command via the modem's serial interface
    subprocess.run(
        ["echo", "AT+CFUN=4", ">", f"/dev/ttyUSB{modem_id}_at"],
        shell=True,
    )
    time.sleep(2)
    subprocess.run(
        ["echo", "AT+CFUN=1", ">", f"/dev/ttyUSB{modem_id}_at"],
        shell=True,
    )
    # Wait for PPP to come back up
    for _ in range(30):
        time.sleep(1)
        ip = subprocess.check_output(
            ["ip", "addr", "show", f"ppp{modem_id}"]
        ).decode()
        if "inet " in ip:
            new_ip = ip.split("inet ")[1].split("/")[0]
            return new_ip
    raise TimeoutError(f"modem {modem_id} did not reconnect")

In production, ProxySmart handles this via a REST API exposed per modem. Customers call POST /rotate/<port_token> and get a fresh IP within 30 seconds.

Customer-facing API

A typical customer interaction:

# Customer's scraper uses the proxy port
curl -x http://user:pass@proxy.example.com:8123 https://target.example.com

# When they need rotation
curl -X POST -H "Authorization: Bearer api_key" \
    https://proxy.example.com/api/v1/rotate/port_8123

# Check current IP
curl -x http://user:pass@proxy.example.com:8123 https://api.ipify.org

The controller exposes a REST API for customer self-service:

POST /api/v1/rotate/<port>: trigger rotation
GET /api/v1/status/<port>: current IP, data used, plan limit
POST /api/v1/swap/<port>: swap to a different modem (different ISP/IP range)
GET /api/v1/usage: per-customer billing info

For an example of this kind of platform, see Singapore Mobile Proxy which exposes mobile proxies via this pattern.

Costs and break-even

Real numbers for a 200-modem mobile farm in Singapore:

line item	monthly cost
SIM data plans (200 lines, 100 GB each)	$7,000
Server power (4 servers, 24/7)	$400
Internet uplink (1 Gbit business)	$300
Rack space (colo, 2U each * 4)	$500
Hardware amortization ($20k over 36 months)	$560
Engineering time (1 day/week)	$2,000
Total	$10,760/month

Capacity: 200 IPs * 100 GB/month = 20,000 GB/month total bandwidth. At a customer price of $1.50/GB, revenue is $30,000/month at full utilization. Margin: 65% gross.

For comparison, buying 20,000 GB of mobile proxy from Bright Data at $8/GB costs $160,000/month. Self-hosting saves $150k/month at this scale.

Break-even: roughly 30 modems / 3,000 GB/month is the point where self-hosting beats buying. Below that, the engineering and ops overhead is not worth the savings.

Monitoring

Critical metrics:

Per-modem PPP uptime: alert when any modem is down >5 minutes
Per-modem data usage: track against carrier plan limits
Per-port latency: median and p95 from edge proxy
Per-port throughput: bytes/sec by direction
Carrier IP reputation: periodically check IPs against known-bot lists
Modem hardware health: temperature, USB hub status

Tooling:

Prometheus + node_exporter on each server
Custom exporter for modem state (PPP uptime, IP, data usage)
Grafana dashboards for operator view
AlertManager routing to PagerDuty or Telegram

Sample dashboard panels:

panel	query
modem uptime	sum(up{job=”modem”}) / count(up{job=”modem”})
data usage by modem	sum_over_time(modem_bytes_total[7d])
latency p95 by port	histogram_quantile(0.95, port_latency_seconds_bucket)
customer requests/sec	rate(controller_requests_total[1m])

Failure modes

Real failure modes from running this kind of farm:

USB hub disconnect: a 16-port hub stops responding, takes down 16 modems. Fix: replace hub or USB-reset.
Modem firmware crash: single modem stops responding. Fix: USB-reset or physical reboot.
PPP daemon hang: ppp0 interface up but no traffic. Fix: kill pppd, restart.
Carrier IP block: ISP blocks one of your IP ranges. Fix: rotate to different APN or wait.
SIM data plan exhausted: SIM stops working. Fix: switch to backup SIM or wait for plan reset.
DNS poisoning by carrier: ISP injects DNS responses. Fix: use local resolver via DoT/DoH to bypass ISP.
Server crash: takes down all modems on that server. Fix: redundancy, multiple servers.
Network uplink flap: brief outages drop customer connections. Fix: dual uplinks with LACP.

The annual maintenance burden is roughly 100-200 engineering hours per 200-modem farm.

Comparison: self-host vs commercial

dimension	self-hosted	commercial
cost per GB	$0.30-1 at scale	$5-15
scale time	weeks to add capacity	minutes
reliability	99-99.9% (you own it)	99.9-99.99% (vendor SLA)
geo coverage	one country usually	global
IP rotation	per modem, your control	massive pools, vendor control
customer trust	depends on your reputation	well-known brand
ops burden	high	zero
break-even	~3,000 GB/month	starts at zero

Self-host when: high volume in one geo, regulatory needs to keep traffic local, custom rotation requirements, or building a product.

Commercial when: low volume, multi-geo needed, no engineering capacity for ops, want zero burden.

For broader proxy strategy, see best mobile proxy providers 2026 and building a custom rotating proxy pool with Squid.

Legal and compliance

Operating proxy infrastructure has compliance touchpoints:

Local telecoms law: in some countries, providing internet access requires a license
Customer KYC: depending on jurisdiction, you may need to verify customer identity
Logging requirements: some countries require ISPs to retain connection logs
AUP enforcement: customer abuse (CSAM, fraud) can implicate you if not addressed
Tax: B2B services have VAT/GST in many jurisdictions

For OWASP guidance on related security topics, see OWASP Top 10. For the specifics of running a regulated telecom service in your country, consult local counsel.

Operational checklist

For running a self-hosted mobile proxy farm in 2026:

Hardware sized for 50-200 modems per server
Business SIM contracts with carriers
Local DNS resolver (unbound)
Per-modem PPP daemons + ProxySmart
Central controller for port assignment
Customer REST API
Prometheus + Grafana monitoring
24/7 alerting on PPP uptime and data usage
Spare modems on hand (10% of fleet)
Regular IP reputation checks against deny lists
Customer billing system (Stripe, BMS, custom)
Legal review of AUP and terms

Smaller-scale alternative: residential at home

If you cannot justify mobile farm capex, a smaller residential setup at scale:

Get 5-10 residential ISP lines at home or in a colo with multiple ISPs
Run Squid or HAProxy on a single machine routing across the lines
Each line gives you one residential IP
Total cost: $200-500/month for the lines plus colo

Capacity is small (maybe 1-10 GB/day per line) but the IPs are real residential, very high quality. Useful for low-volume high-value scraping (account creation, captcha solving) where IP quality matters more than capacity.

FAQ

Q: how long do mobile SIMs last before getting flagged or shut down?
With a business contract: months to years. Without one: weeks. The relationship with the carrier is the durability factor, not the technology.

Q: can I run this on AWS or GCP?
Mobile proxies require physical USB-connected modems, so no. You can run the controller and edge proxy in cloud, but the modems themselves need physical hosting (your office, a colo, or a residential location).

Q: what about IPv6?
Most carriers in 2026 are dual-stack. ProxySmart supports both. For target sites that prefer IPv4 (most do), force IPv4 routing. For target sites with IPv6, expose the v6 address.

Q: is self-hosting worth it for residential proxies (not mobile)?
Less so. Residential ISP lines are slower to provision, harder to multi-tenant, and have hostile AUPs. Mobile is the better fit for self-hosting because of carrier-grade NAT and the established business-line market.

Q: how do I price for customers?
Common patterns: per-GB ($1-3/GB), per-port-month ($30-100 per dedicated port), or hybrid. Mobile proxies command higher prices than datacenter or residential. Match competitor pricing in your geo and undercut by 20% to get traction.

Common pitfalls in production self-hosted proxy infrastructure

The first failure mode is USB hub contention. Mobile proxy farms typically connect 16-32 USB modems per host through powered USB 3.0 hubs. Cheap hubs (under $40) commonly share one USB controller across all 16 ports, which means total throughput across the hub caps at roughly 480 Mbit/s shared. With 16 LTE modems each capable of 50-100 Mbit/s, the hub bandwidth becomes the bottleneck before the modems do. The fix is per-port-controlled hubs (Yepkit YKUSH3 or VIA-chipset hubs from D-Link DUB-H7 generation) where each port has its own USB controller chain. Budget $80-120 per 7-port hub. Verify with lsusb -t that each modem reports under a separate Bus rather than a shared one.

The second pitfall is carrier-side IP rotation policy mismatch. Different carriers rotate the LTE-assigned IP at different intervals: Singtel rotates every 4 hours by default, M1 rotates every 24 hours, StarHub rotates only on PDP context teardown (so it can stay sticky for days). If your scraper expects a stable IP per session and you provision a Singtel modem, your customer’s session token bound to the original IP becomes invalid after 4 hours. Match carrier choice to use case: use StarHub for sticky sessions, use Singtel for high-rotation requirements. Document each modem’s carrier in your inventory and route customer traffic accordingly.

The third pitfall is modem firmware silent regression. Quectel and Fibocom modems push firmware updates over the air for some operators. A firmware bump from EM05CEFAR06A07M4G to EM05CEFAR07A02M4G can change the AT command set, the PPP negotiation timing, or the TLS-handshake-passthrough behavior. Your provisioning scripts that worked yesterday produce silent failures today. The mitigation is firmware pinning where the modem allows it (AT+QFOTADL=0 to disable Quectel OTA on Quectel EM05/EM06/EC25 modems), or a weekly automated firmware-version inventory that flags any modem whose AT+CGMR output changed since last week.

Real-world example: month-end IP exhaustion recovery

A self-hosted mobile farm running 60 modems across three Singapore carriers hit a customer-facing outage on month-end of February 2026. Sixteen Vivifi modems exhausted their 100GB monthly data caps within the first 12 hours of February 28 because three large customers had over-rotated through the same proxy pool. Carrier behavior on cap exhaustion: the modem still attaches, PPP comes up, but every TCP connection times out or returns 503 from a carrier portal page. The pool’s automated health checks reported the modems “online” because PPP was up, but real customer traffic was 100 percent failing.

The recovery had three steps:

# Step 1: detect data exhaustion via active probe (not just PPP state)
async def is_modem_alive(port: int) -> bool:
    try:
        resp = await fetch_via_proxy(
            f"http://192.168.1.1:{port}",
            target_url="https://1.1.1.1/cdn-cgi/trace",
            timeout=5,
        )
        return resp.status == 200 and "ip=" in resp.text
    except Exception:
        return False

# Step 2: auto-rotate exhausted modems out of the active pool
exhausted = [m for m in MODEMS if not await is_modem_alive(m.port)]
for modem in exhausted:
    await mark_modem_unavailable(modem)

# Step 3: rotate to LTESpace reserve SIMs from the spare inventory
reserve = await get_reserve_sims(carrier="vivifi", min_data_gb=80)
for spare_sim, dead_modem in zip(reserve, exhausted):
    await swap_sim(dead_modem.imei, spare_sim.iccid)

The recovery took 47 minutes from first alert to full pool restoration. Lessons: PPP-state monitoring is necessary but not sufficient (must also probe an active TCP destination), reserve SIM inventory needs to be maintained at 20 percent of fleet size to absorb month-end exhaustion spikes, and customer billing should track per-port data usage daily so heavy users can be throttled before they exhaust shared pool capacity.

Wrapping up

Self-hosted proxy infrastructure pays off above ~3,000 GB/month if you have engineering capacity for ops. Below that threshold, buying from commercial vendors is the right call. For teams that build into self-hosting, the unit economics are very good: 65% gross margins, durable competitive advantage, customer trust through ownership of the stack. Pair this with our building a custom rotating proxy pool with Squid and best mobile proxy providers 2026 guides for both the build-vs-buy decision and the technical implementation, and browse the dev-tools-projects category on DRT for related infrastructure deep-dives.

Related comparison: See how Bright Data stacks up against a dedicated Singapore mobile network in our Singapore Mobile Proxy vs Bright Data comparison.

last updated: May 11, 2026