While Squid has been the traditional choice for local network proxying, Nginx offers several compelling advantages:
- Lightweight resource usage compared to Squid's memory footprint
- Superior handling of concurrent connections
- Built-in caching mechanisms that outperform Squid in many scenarios
- More flexible configuration syntax
- Ability to serve as both web server and proxy simultaneously
Here's a minimal configuration to get started with Nginx as a forward proxy:
http {
server {
listen 3128;
location / {
resolver 8.8.8.8;
proxy_pass http://$http_host$request_uri;
proxy_set_header Host $http_host;
proxy_buffering off;
}
}
}
For better performance on local networks, implement caching:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=PROXYCACHE:100m inactive=24h max_size=1g;
server {
listen 3128;
proxy_cache PROXYCACHE;
proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m;
location / {
resolver 8.8.8.8;
proxy_pass http://$http_host$request_uri;
proxy_set_header Host $http_host;
}
}
Secure your proxy with basic authentication:
server {
listen 3128;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
# Proxy configuration
}
}
Generate password file using:
htpasswd -c /etc/nginx/.htpasswd username
- Adjust worker_processes to match CPU cores
- Set worker_connections based on expected load
- Enable keepalive_timeout for persistent connections
- Consider using shared memory zones for active connections
Add these directives to monitor proxy performance:
log_format proxy_log '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$upstream_cache_status"';
access_log /var/log/nginx/proxy_access.log proxy_log;
While Squid has been the go-to proxy solution for many network administrators, Nginx offers several compelling advantages for local network proxying:
- Lightweight resource consumption compared to Squid
- Superior handling of concurrent connections
- Flexible configuration with support for modern protocols
- Built-in caching capabilities
- Seamless integration with other web services
Here's a minimal configuration to get started with Nginx as a forward proxy for your local network:
http {
server {
listen 3128;
location / {
resolver 8.8.8.8;
proxy_pass http://$http_host$uri$is_args$args;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
proxy_max_temp_file_size 0;
}
}
}
To optimize performance for frequently accessed resources:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m inactive=60m;
proxy_cache_key "$scheme$request_method$host$request_uri";
server {
listen 3128;
location / {
proxy_cache my_cache;
proxy_pass http://$http_host$uri$is_args$args;
proxy_cache_valid 200 302 10m;
proxy_cache_valid 404 1m;
}
}
For securing your proxy server:
server {
listen 3128;
auth_basic "Proxy Authentication";
auth_basic_user_file /etc/nginx/.htpasswd;
location / {
proxy_pass http://$http_host$uri$is_args$args;
allow 192.168.1.0/24;
deny all;
}
}
- Connection pooling: Keep upstream connections open for reuse
- Buffering control: Fine-tune proxy_buffer_size and proxy_buffers
- TCP optimizations: Adjust keepalive_timeout and tcp_nodelay
- DNS caching: Implement resolver with cache for faster lookups
Essential directives for tracking proxy activity:
log_format proxy_log '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/proxy_access.log proxy_log;
error_log /var/log/nginx/proxy_error.log;
Nginx excels in these local network proxy scenarios:
- Content filtering for educational institutions
- Bandwidth optimization in office environments
- Testing environment isolation
- Secure browsing for IoT devices
- Media streaming optimization