Why Cloudflare Open‑sourced Pingora: A Rust‑Powered Proxy Framework

In 2022 Cloudflare announced that it had replaced Nginx with an internally built Rust‑based proxy called Pingora, aiming to create a faster, more efficient, and more versatile platform for current and future products.

Cloudflare has now open‑sourced the Pingora framework under the Apache License, with the source code hosted on GitHub ( https://github.com/cloudflare/pingora ).

Pingora is a Rust asynchronous multi‑threaded framework for building HTTP proxy services. It has been used internally at Cloudflare for years and reportedly processes more than 40 million internet requests per second, handling close to ten quadrillion requests across Cloudflare’s global network.

Key Features of Pingora

Asynchronous Rust : fast and reliable

HTTP 1/2 end‑to‑end proxy

TLS support via OpenSSL or BoringSSL

gRPC and websocket proxy

Graceful zero‑downtime reloads

Customizable load‑balancing and fail‑over strategies

Support for multiple observability tools

Cloudflare’s team wrote, “We are open‑sourcing Pingora to help build a better, safer internet beyond our own infrastructure. We hope to provide tools, ideas, and inspiration for our customers, users, and others to build their own internet infrastructure with a memory‑safe framework .”

Pingora provides libraries and APIs to build services on top of HTTP/1, HTTP/2, TLS, or TCP/UDP. As a proxy, it supports end‑to‑end HTTP/1 and HTTP/2, gRPC, and websocket proxying, with HTTP/3 support planned. It offers customizable load‑balancing and fail‑over, and for compliance and security it integrates with OpenSSL and BoringSSL.

Beyond these capabilities, Pingora offers filters and callbacks that let users fully customize how requests are processed, transformed, and forwarded.

In operation, Pingora supports zero‑downtime graceful restarts that upgrade the service without dropping any incoming requests. It integrates easily with Syslog, Prometheus, Sentry, OpenTelemetry, and other essential observability tools.

It is important to note that Pingora is still pre‑1.0, its API is not yet stable, and Cloudflare currently has no plans to support non‑Unix operating systems.

Cloudflare engineers are enthusiastic about Rust. They rewrote Nginx’s C modules in Rust last year, citing benefits such as strict execution boundaries that make previously impossible features feasible, and eliminating many memory‑safety issues that have plagued the industry.

However, OpenResty author 章亦春, who previously worked on Cloudflare’s architecture, argued that the new engineers “couldn’t handle” Nginx, so they rebuilt the wheel in Rust, and he believes writing an interpreted gateway in Rust is a step backward.