← Back to Blog
RUENZHESARPTDEFRJAKOITTRIDVIFAHI

Proxy Server on Synology NAS: Step-by-Step Setup of Squid and Shadowsocks at Home

Synology NAS is not just a file storage solution, but also a complete platform for running a proxy server. We explain how to set up a home proxy and connect it in anti-detect browsers.

πŸ“…June 7, 2026
```html

You have a Synology NAS at home or in the office, running 24/7 and consuming less electricity than a light bulb. Why not turn it into a personal proxy server? In this article, we will discuss two working methods: through Squid (HTTP/HTTPS) and through Shadowsocks (SOCKS5), as well as explain when a home proxy is genuinely helpful and when it's better to use a ready-made solution.

Why set up a proxy on Synology NAS

Synology NAS is a device with a full-fledged operating system DSM (DiskStation Manager), which is based on Linux. Inside, you can run Docker containers, install packages from the official catalog, and even deploy web applications. This makes NAS an excellent platform for running a lightweight proxy server.

Who really needs this? Here are some practical scenarios:

  • SMM specialists and arbitrageurs who work from home and want to have a stable IP from their home provider β€” such an IP is perceived by platforms as a "real" user.
  • Testing local content β€” check how a website or advertisement looks from a home IP, without unnecessary expenses on proxies.
  • Remote access to the local network via proxy β€” convenient for those who travel frequently and want to "exit" through their home address.
  • Bypassing regional restrictions for personal use β€” if there is only one provider at home, but you need an IP from a specific city.
  • Developers and testers who need a stable exit point with a known IP for testing APIs and webhooks.

The main advantage of a home proxy on NAS is your real IP from your home provider. Such addresses are extremely rarely blacklisted because they belong to ordinary users, not data centers. By nature, this is the same as residential proxies β€” IPs of real home users that are hard to distinguish from a real person.

However, a home proxy also has limitations: one IP, dependence on home internet, and the need for technical knowledge for setup. More on this in the section about limitations. For now, let's figure out what is needed to get started.

What you need before starting the setup

Before you start the installation, make sure you have everything you need. Skipping any of these points will result in the proxy either not working or being insecure.

Technical requirements:

  • Synology NAS with DSM 7.x β€” most current models (DS220+, DS223, DS720+, DS920+, and others) are suitable. Older models with DSM 6.x also work, but the interface may differ.
  • Docker installed on NAS β€” in DSM 7.2+ this is the "Container Manager" package, in earlier versions β€” just "Docker" from the Package Center.
  • Static internal IP for NAS β€” go to your router and reserve an IP for the MAC address of your NAS so that it does not change after a reboot.
  • Public IP from the provider or DDNS β€” if you want to connect to the proxy from outside (not just from the home network). Many providers give a dynamic public IP β€” in this case, set up Synology DDNS.
  • Open port on the router β€” you will need to forward a port (for example, 3128 for Squid or 1080 for Shadowsocks) through the router settings.
  • SSH access to NAS β€” enable it in DSM: Control Panel β†’ Terminal & SNMP β†’ Enable SSH service.

⚠️ Important about "gray" IP

If your provider issues a "gray" IP (behind the provider's NAT) β€” the home proxy will not work for external access. Check: go to 2ip.ru and compare the IP with what the router shows. If they are different β€” you have a gray IP. In this case, you can ask the provider to connect the "public IP" service (usually costs 100-300 rubles per month).

Setting up Squid HTTP proxy on Synology

Squid is a classic and proven HTTP/HTTPS proxy server. It is supported by almost all programs and browsers, including anti-detect browsers Dolphin Anty, AdsPower, GoLogin, and Multilogin. We will run Squid through Docker β€” this is easier and safer than installing it directly.

Step 1: Create a folder for configuration

Open File Station on your NAS and create a folder for configuration files. For example: /docker/squid/config. Inside, create a file squid.conf.

Step 2: Minimal Squid configuration

Connect to the NAS via SSH and create the configuration file. Here is a basic configuration with login and password authentication: 

# Port on which Squid will listen
http_port 3128

# Allow access only with authentication
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm Squid Proxy
auth_param basic credentialsttl 2 hours

acl authenticated proxy_auth REQUIRED
http_access allow authenticated

# Deny everything else
http_access deny all

# Hide proxy information
forwarded_for delete
via off
request_header_access X-Forwarded-For deny all

Step 3: Create a password file

Connect via SSH and run the command to create a user (replace myuser with your login): 

# Install htpasswd if not present (the container will do this automatically)
# Create the password file
docker run --rm httpd:2.4-alpine htpasswd -nbB myuser mypassword > /volume1/docker/squid/config/passwd

Step 4: Start the container via Container Manager

Open Container Manager (or Docker) in DSM. Go to the "Registry" section, find the image ubuntu/squid and download it. Then create a container with the following parameters:

  • Container name: squid-proxy
  • Port: host 3128 β†’ container 3128 (TCP)
  • Volume: /volume1/docker/squid/config β†’ /etc/squid
  • Auto-start: enable, so the proxy starts after NAS reboots
  • Network: bridge (default)

After starting the container, check if the proxy is working: open a browser, enter your NAS IP in the proxy settings, port 3128, login, and password. Go to 2ip.ru β€” your home IP should be displayed.

Setting up Shadowsocks (SOCKS5) on Synology

Shadowsocks is a more modern protocol that disguises traffic as regular HTTPS. It is harder to block, and it works faster than Squid in unstable connection conditions. For arbitrageurs and SMM specialists, this may be preferable, as anti-detect browsers work well with SOCKS5.

Step 1: Prepare the folder

In File Station, create a folder /docker/shadowsocks. Inside, create a configuration file config.json with the following content: 

{
  "server": "0.0.0.0",
  "server_port": 8388,
  "password": "YourSecurePassword2024",
  "timeout": 300,
  "method": "aes-256-gcm",
  "fast_open": false,
  "mode": "tcp_and_udp"
}

Replace YourSecurePassword2024 with a strong password. The method aes-256-gcm is modern and fast, we recommend using it.

Step 2: Start the Shadowsocks container

In Container Manager, find the image shadowsocks/shadowsocks-libev and download it. Create a container:

  • Name: shadowsocks-proxy
  • Port: host 8388 β†’ container 8388 (TCP and UDP)
  • Volume: /volume1/docker/shadowsocks β†’ /etc/shadowsocks-libev
  • Startup command: ss-server -c /etc/shadowsocks-libev/config.json
  • Auto-start: enable

Step 3: Client on your computer

Shadowsocks is not a regular proxy that you can directly enter into a browser. You need a client that will create a local SOCKS5 proxy and route traffic through it to your NAS. Download Shadowsocks-Windows or Outline Client, and specify:

  • Server: your home IP (or DDNS address)
  • Port: 8388
  • Password: the one you specified in config.json
  • Method: aes-256-gcm

After connecting, the client will create a local SOCKS5 proxy at 127.0.0.1:1080. This is the address you will enter in the settings of anti-detect browsers.

Connecting the proxy in Dolphin Anty and AdsPower

After the proxy server on NAS is set up and running, you need to connect it correctly in the anti-detect browser. Let's go through the setup in two popular tools β€” Dolphin Anty and AdsPower.

Dolphin Anty: adding a proxy

Open Dolphin Anty β†’ go to the "Proxy" section β†’ click "Add proxy". Fill in the fields:

  • Type: HTTP (for Squid) or SOCKS5 (for Shadowsocks client)
  • Host: your NAS IP (for local network) or your home IP/DDNS (for external access). For Shadowsocks through the client β€” 127.0.0.1
  • Port: 3128 (Squid) or 1080 (local SOCKS5 from Shadowsocks client)
  • Login and password: those you set during setup

Click "Check proxy" β€” Dolphin will show the IP, country, and provider. If everything is set up correctly, you will see the details of your home provider. After that, assign the proxy to the desired browser profile.

AdsPower: setting up the proxy in the profile

In AdsPower, open "Create profile" or edit an existing one. In the "Proxy settings" section, select the type and fill in the data similarly to Dolphin. AdsPower also supports importing proxies in bulk β€” convenient if you have multiple profiles, although in the case of a home NAS, you will have one IP.

GoLogin and Multilogin

In GoLogin, go to profile settings β†’ "Proxy" β†’ enter the data. In Multilogin, similarly: when creating a profile in the "Proxy" section, select HTTP or SOCKS5 type and enter the address, port, login, and password. Both browsers support proxy checking directly in the interface.

πŸ’‘ Tip for SMM specialists

A home proxy on NAS provides one IP β€” this means that all profiles in the anti-detect browser will exit from one address. For managing multiple Instagram or TikTok accounts, this is a problem: platforms may link accounts by IP. If you need different IPs for each account, a home NAS will not replace a proxy pool β€” you will need mobile proxies with rotation.

Security: how not to expose the proxy to the entire internet

This is the most important section. An open proxy without protection is a disaster: strangers will use your IP for spam, fraud, or bypassing blocks, and the responsibility will formally fall on you as the owner of the address. Here’s what you must do:

1. Authentication β€” mandatory

Never run a proxy without a login and password. In the Squid configuration above, authentication is already enabled. For Shadowsocks, the password serves as authentication β€” without it, you cannot connect. Use strong passwords: at least 16 characters, including numbers and special characters.

2. IP address restriction

If you know which IPs you will be connecting from (for example, from a work computer with a fixed IP), add a whitelist to the Squid configuration: 

# Allow only from a specific IP
acl allowed_ip src 203.0.113.45
http_access allow allowed_ip

# Deny everything else
http_access deny all

3. Non-standard port

Do not use standard ports 3128 and 8080 for Squid, 1080 for SOCKS. Bots constantly scan the internet for open proxies on these ports. Choose something non-standard: for example, 47823 or 39154.

4. Firewall on the router

In your router settings, set a rule: the proxy port is open only for specific external IP addresses. Most modern routers (ASUS, Keenetic, MikroTik) support this through the "Firewall" section. If your router does not support this β€” at least enable authentication.

5. Log monitoring

Squid keeps detailed logs in /var/log/squid/access.log. Periodically check them: if you see requests from unknown addresses or to suspicious sites β€” immediately close access and change the password. In Container Manager, you can view the container logs directly in the DSM interface.

Limitations of a home proxy and when it won't help

Let's be honest about where a home proxy on Synology NAS will not meet the task. It's important to understand this in advance to avoid wasting time on setup where a different solution is needed.

Task Home NAS proxy Commercial proxy
1 account, personal use βœ… Excellent Excessive
10+ Instagram/TikTok accounts ❌ One IP for all βœ… Different IPs for each
Farming Facebook Ads accounts ⚠️ Risky (one IP) βœ… IP pool with rotation
Parsing Wildberries/Ozon ❌ One IP β€” will be banned quickly βœ… Rotation of thousands of IPs
Testing ads from another city ❌ Only your city βœ… Any region and country
Stability 24/7 ⚠️ Depends on home internet βœ… Guaranteed uptime
Connection speed ⚠️ Limited by home provider's upload βœ… Dedicated channels
Anonymity (IP change) ❌ IP is always the same βœ… Rotation on demand

The main conclusion: a home NAS proxy is a tool for personal use or development, but not for large-scale work with multiple accounts. As soon as you need more than one IP, different geolocations, or high speed β€” the home solution stops being effective.

Another important point: a home IP is your real address. If you use it for tasks that platforms consider violations of rules (mass account farming, aggressive parsing), this IP can be blocked forever. And changing it won't be easy β€” you will have to call the provider or change your tariff plan. In commercial proxies, changing IP takes seconds.

For serious work with multiple accounts or parsing marketplaces, it is better to consider data center proxies β€” they are fast, cheap, and easily scalable for any volume of tasks.

Conclusion: home proxy vs commercial solutions

Setting up a proxy server on Synology NAS is feasible and not as complicated as it seems. If you already have a NAS with Docker, the entire setup will take about 30-60 minutes. You will get a proxy on a real home IP that runs 24/7 and does not require monthly payments.

Squid is suitable for HTTP/HTTPS tasks and works well with anti-detect browsers. Shadowsocks is better for bypassing restrictions and is more resilient to blocks. Both options require proper security setup β€” an open proxy without a password is dangerous.

However, the honest conclusion is this: a home NAS proxy is a solution for one person with one IP. As soon as tasks grow (multiple accounts, different geolocations, high load), the home solution becomes a bottleneck. In this case, the right choice is commercial proxies with a pool of addresses and rotation.

If you manage multiple accounts on Instagram, TikTok, or work with Facebook Ads β€” we recommend trying residential proxies: they provide real home IPs from the necessary countries and cities, support rotation, and work with any anti-detect browsers without unnecessary technical settings.

```