diff --git a/roles/network/tasks/squid.yml b/roles/network/tasks/squid.yml
index 3e7034886..4c1c76fbe 100644
--- a/roles/network/tasks/squid.yml
+++ b/roles/network/tasks/squid.yml
@@ -20,12 +20,24 @@
     createhome: False
     shell: /bin/false
 
+# 2021-08-16: Squid runs as 'nobody' when started as root:
+# http://www.squid-cache.org/Doc/config/cache_effective_user/
+# Much more detail here, but neither directive is recommended:
+# http://www.squid-cache.org/Doc/config/cache_effective_group/
+#
+# So nobody:root or root:root ownership don't work for cache_dir /library/cache
+#
+# Squid auto-creation of cache_dir (or the old way, 'squid -z') both fail:
+# "FATAL: Failed to make swap directory /library/cache: (13) Permission denied"
+#
+# SEE ALSO: https://github.com/iiab/iiab/blob/master/roles/network/templates/squid/squid.conf.j2#L10-L30
+
 - name: Create Squid directory /library/cache ({{ proxy_user }}:{{ proxy_user }}, 0750)
   file:
     state: directory
     path: /library/cache
-    owner: "{{ proxy_user }}" # Squid runs as 'nobody' according to http://www.squid-cache.org/Doc/config/cache_effective_user/
-    group: "{{ proxy_user }}" # So root:root ownership doesn't work for dir /library/cache
+    owner: "{{ proxy_user }}"
+    group: "{{ proxy_user }}"
     mode: 0750
 
 - name: Install site allowlists/whitelists /etc/{{ proxy }}/allow_dst_domains, /etc/{{ proxy }}/allow_url_regexs from template (root:root, 0644 by default)
diff --git a/roles/network/templates/squid/squid.conf.j2 b/roles/network/templates/squid/squid.conf.j2
index feca47c22..9feed126d 100644
--- a/roles/network/templates/squid/squid.conf.j2
+++ b/roles/network/templates/squid/squid.conf.j2
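Review bot: The new header comment says Squid drops to 'nobody', but the rewritten `owner:`/`group:` lines hand /library/cache to `{{ proxy_user }}` with mode 0750 (no world bits), and nothing in the hunk states that proxy_user is the account Squid's cache_effective_user actually resolves to — the effective user is a build-time default that differs between distro packagings, so a reader cannot tell from this task why the permission-denied failure quoted in the comment goes away. Replace the "runs as 'nobody'" sentence with the invariant the task depends on, e.g. `# /library/cache must be owned by the account Squid drops privileges to (cache_effective_user; upstream default 'nobody', distro builds differ) — proxy_user is expected to be that account, so Squid can create its swap subdirectories under a 0750 dir without making it world-writable.` Since the task has no `recurse`, only the top-level directory's owner/mode is enforced; if /library/cache already holds subdirectories from an earlier install under a different owner, I believe they are left untouched — worth a one-line caveat in the comment rather than silently relying on a fresh filesystem.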
@@ -12,18 +12,22 @@ client_netmask 255.255.255.0
 http_access allow localhost manager
 http_access deny manager
 
-# Where is the cache stored on disk ?
-# Parameters
+# 2021-08-16: Squid's auto-creation of cache_dir (or the old way, 'squid -z')
+# don't work well in recent years. So we do it manually, as explained here:
+# https://github.com/iiab/iiab/blob/master/roles/network/tasks/squid.yml#L17-L41
+
+# Where is the cache stored on disk? http://www.squid-cache.org/Doc/config/cache_dir/
+#
 # Type (ufs, aufs, or COSS)
 # | Where
 # | | Size (in MB)
 # | | |
-# | | | L1 (directories)
-# | | | | L2 (directories)
-# | | | | |
+# | | | L1 (directories)
+# | | | | L2 (directories)
+# | | | | |
 #cache_dir aufs /library/cache 20000 32 256
 cache_dir ufs /library/cache 200 16 128
-# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK
+# Remove the line above IF YOU WANT SQUID'S CACHE IN MEMORY INSTEAD OF DISK!
 
 {% if gw_squid_whitelist %}
 #acl allow_src_ips src "/etc/squid/allow_src_ips"
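Review bot: The added cross-reference `squid.yml#L17-L41` pins line numbers on the moving `master` branch, so it will point at the wrong task after the next edit to squid.yml; either pin it to a commit permalink (`blob/<sha>/roles/network/tasks/squid.yml#L17-L41`) or name the task instead, e.g. `# ... as done by the "Create Squid directory /library/cache" task in roles/network/tasks/squid.yml`. The same comment also has a subject/verb mismatch — `# Squid's auto-creation of cache_dir (or the old way, 'squid -z')` / `# doesn't work reliably in recent years, so the directory is created by Ansible instead:` reads cleanly. Since the template leaves cache_effective_user unset (per the companion comment in squid.yml, outside this hunk), it would help to state next to `cache_dir ufs /library/cache 200 16 128` that the directory's ownership is what makes this line work, so nobody "fixes" a permission error by loosening the mode.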