How Cloudflare Replaced Nginx with a Rust‑Based Proxy and What It Means for Backend Development

Last year Cloudflare announced that it replaced Nginx with an internally developed, Rust‑written proxy called Pingora, aiming to build a faster, more efficient, and more versatile internal proxy for its current and future products.

Recently Cloudflare engineers detailed how they rewrote a C‑based Nginx module in Rust. They created a Rust replacement for the cf‑html module, a core component of Cloudflare’s reverse web proxy, also known as Front Line (FL).

FL handles most of the logic for Cloudflare’s application services, making the replacement a significant challenge. Cloudflare says completing this work clears the path to completely abandoning Nginx, and future plans involve gradually swapping out components used for Nginx/OpenResty proxies to achieve a future without NGINX.

Cloudflare engineers, who are enthusiastic about Rust, highlighted its benefits: beyond preventing bugs, Rust’s safety enables the implementation of features previously considered extremely difficult or unsafe, such as a Wireshark‑like filter language for firewall rules, allowing millions of users to write arbitrary JavaScript that runs directly on the platform, and instant HTML rewriting. Rust provides strict execution boundaries, turning the impossible into possible, and resolves long‑standing memory‑safety issues.

Related links: https://blog.cloudflare.com/rust-nginx-module and https://twitter.com/Cloudflare/status/1629119206770847744.