Pingora: Cloudflare’s High‑Performance Rust‑Based Reverse Proxy

Introduction

Cloudflare announced the deprecation of NGINX in favor of a self‑built reverse‑proxy service called Pingora, claiming it is faster, more efficient, and more secure.

Why Build a New Proxy

NGINX’s worker‑process architecture caused load imbalance, poor connection reuse, and limited functionality for Cloudflare’s scale, prompting the need for a new solution.

Pingora Project

Pingora is written in Rust to achieve memory safety without sacrificing performance. The team built a custom HTTP library to handle the diverse and non‑RFC‑compliant traffic seen on the Internet.

Design Decisions

The service uses a multithreaded model with Tokio for asynchronous execution, shares connection pools across threads, and provides a programmable request‑lifecycle API similar to NGINX/OpenResty.

Performance Improvements

In production, Pingora reduces median TTFB by 5 ms and the 95th percentile by 80 ms, cuts new‑connection rates to one‑third, raises connection‑reuse to 99.92 %, and saves roughly 434 years of handshake time per day.

Efficiency Gains

Compared with the previous service, Pingora lowers CPU consumption by ~70 % and memory usage by ~67 % thanks to Rust’s zero‑copy string handling and a more efficient multithreaded architecture.

Security Enhancements

Rust’s memory‑safety guarantees reduce crashes and undefined behavior, allowing engineers to iterate quickly while maintaining reliability at massive scale.

Conclusion

Pingora provides a faster, more efficient, and more versatile internal proxy platform that underpins Cloudflare’s current and future products.