Configuring proxy server on a Synology NAS

A proxy server can be useful to reduce the number of requests and data when browsing over the internet. Especially when files are downloaded repeatedly, like opening facebook multiple times a day or downloading the same file frequently (updating multiple vm’s).

Since I have a Synology NAS I wanted to experiment with a squid proxy and a zero-touch configuration for my clients using WPAD.

Step 1 – Squid proxy

First we need to install the squid proxy package on the Synology NAS. For that we need ipkg. If you haven’t installed ipkg yet, please install it first (link).

You can install the package squid in with the command: ipkg install squid

ipkg install squid

Optionally you can change the size of the disk cache. By default the size of the cache is 100MB, not really much, so I increased this to 4GB. The size of the cache is stored in the parameter cache_dir in the file /opt/ec/squid/squid.conf. The third parameter (4096) is the size in megabytes.

/opt/etc/squid/squid.conf - cache_dir

Then we want to validate the configuration with squid –k parse  and create the temp (or swap directory) with the command squid –z.

squid-k parse   ||   squid -z

The startup script is by default not placed in the startup directory of Synology DSM, therefor we create a symbolic link: ln –s /opt/etc/init.d/S80squid /usr/syno/etc/rc.d/

ln –s /opt/etc/init.d/S80squid /usr/syno/etc/rc.d/

And then we’re ready to start the squid daemon: /opt/etc/init.d/S80squid start

/opt/etc/init.d/S80squid start

Congratulations! You know got a operational proxy server Glimlach All you have to do is configuring you’re client to use the proxy server <fqdn-or-ip-address-of-your-nas>:3128
Internet options - proxy configuraton

Step 2 – WPAD

If you don’t want to configure the FQDN or IP address and port number on each client you can use the Web Proxy Autodiscovery Protocol (WPAD). This is a method used by clients to locate a URL of a configuration URL using DHCP and/or DNS discovery methods. Source: wikipedia

The WPAD uses a JavaScript file (named WPAD.DAT) that can direct browsers to the correct proxy server. Since this is a JavaScript file some intelligence can be used, like excluding certain websites. In this case I’ll use a simple wpad configuration file which always directs the users to my fresly install proxy server.

   function FindProxyForURL(url, host)
   {
      return "PROXY 10.0.1.23:3128; DIRECT";
   }

This file is stored in the root of the Apache server (installed by default): /volume1/web/wpad.dat

http://10.0.1.23/wpad.dat

Next we need to add a mime.type in the apache configuration to enable automatic proxy configuration. This is done by adding the following line in the file /usr/syno/apache/conf/mime.types

application/x-ns-proxy-autoconfig    dat

/usr/syno/apache/conf/usr/syno/apache/conf/mime.types

 


Now you can configure your browser to use the automatic configuration script.

Internet options - proxy configuraton

 

 

 

Step 3 – DHCP

Now if you’re really lazy and don’t want to configure the location of the wpad configuration file on every client, you can configure WPAD via DHCP or DNS. The most reliable method is providing the location of the wpad configuration file via a DHCP option.

Since we have a Synology NAS, and because we can use this device, we’re using the NAS as a DHCP server. For that we need to install a DHCP package which is an optional package provided by Synology.

  1. Select ‘Package Center’
  2. Click on the tab ‘Available’
  3. Locate the package ‘DHCP Server’ and click ‘Install’

Synology Package Center - DHCP Server

Now first we need to setup a basic configuration so DHCP leases can be offered.

  1. Click on the ‘Start’ button on the top left
  2. Click on  the icon ‘DHCP Server’
  3. Click on the button ‘DHCP Server’

    Netwerkinterfaces
  4. Specify your Synology NAS as the DNS server and add a list of addresses the DHCP server is allowed to lease

    Netwerkinterfaces - DHCP Server
  5. Click Apply

 

In case the DHCP server doesn’t work you should check the /var/log/message file. If this contains the  message ‘Can not open DHCP lease file’ you should ‘issue the following commands:

touch /var/packages/DHCPServer/target/etc/dhcp.conf.leases
touch /var/packages/DHCPServer/target/etc/dhcp-leases.log

Can not open DHCP lease file

touch /var/packages/DHCPServer/target/etc/dhcp.conf.leases

Now we need to add the DHCP option 252 (auto-proxy-config) with the location of the wpad configuraton file. The configuraton file is stored in the /etc/dhcp/ directory. Note that the /etc/rc.network script regenerates the /etc/dhcpd.conf when the DHCP server is started. The content of all /etc/dhcpd/dhcpd-*.conf files with a corresponsing /etc/dhcpd/dhcpd-*.info file, stating it is enabled, will be merged in the applied configuration.

Updated on 11-01-2013 with correct filename

Add the following two files:

/etc/dhcpd/dhcpd-server-options.conf

dhcp-option=252,”http://<location-of-your-synology-nas>/wpad.dat”

Very important: Add a line feed after the first line (press Enter) otherwise lines will merge in dhcpd.conf  with this as a result.

/etc/dhcpd/dhcpd-server-options.info

enable=”yes”

You have to logon with user root, the user admin has insufficient privileges.



/etc/dhcpd/dhcpd-server-options.conf/etc/dhcpd/dhcpd-server-options.info

 

(Re)start the DHCP server to apply the settings.

 

Now you can configure your browser to detect the automatic configuration.

Internet options - proxy configuraton

 

4. Is it working

You can verify if  you’re using a proxy server by visiting http://www.whatismyip.com/. Not only will it show you you’re IP address but also if and what proxy server you’re using.

http://www.whatismyip.com/

 

 

Reference

Was once an enthusiastic PepperByte employee but is now working at Citrix. His blogs are still valuable to us and we hope to you too.