Why Cloudflare Replaced NGINX with Pingora: Faster, Safer, More Efficient Proxy
Cloudflare's new Rust‑based proxy, Pingora, outperforms NGINX by improving connection reuse, cutting CPU and memory usage, and enhancing security. Cloudflare presents it as a faster, more efficient and feature‑rich way to handle trillions of HTTP requests across its global network.
Introduction
Cloudflare announced that it has replaced NGINX with its home‑grown HTTP proxy, Pingora, claiming higher speed, efficiency and security.
Why build a new proxy
NGINX’s worker‑process model caused load imbalance, poor connection reuse and limited functionality for Cloudflare’s massive scale. The C‑based codebase and lack of memory safety also made adding advanced features difficult.
Architectural limits hurt performance
Each request in NGINX is handled by a single worker, leading to CPU core imbalance and slower TTFB. Connection pools are per‑worker, so adding more workers reduces reuse, increasing handshake overhead and resource consumption.
Difficulties adding certain features
NGINX’s architecture and C language make it hard to implement functions such as request retries with different headers, and the lack of static typing in Lua extensions reduces performance.
Decision to build our own
After evaluating three options—customising NGINX, migrating to another third‑party proxy, or building a new platform from scratch—Cloudflare chose the latter despite the larger engineering investment.
Pingora project
Design decisions
Pingora is written in Rust for memory safety without sacrificing performance. Cloudflare built its own HTTP library instead of using existing ones to maximise flexibility and handle non‑RFC‑compliant traffic. A multithreaded model with work‑stealing and the Tokio runtime enables efficient connection sharing.
Pingora provides a programmable request‑lifecycle interface similar to NGINX/OpenResty, allowing developers to add filters or reject requests easily.
Pingora is faster in production
Median TTFB improved by 5 ms and the 95th percentile by 80 ms. Connection pools shared across all threads increase reuse, cutting new connections to one‑third of what the previous service made and raising the reuse rate from 87.1 % to 99.92 % for a major client, saving an estimated 434 years of handshake time per day.
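A toy model of the pooling argument above, as an added example (not Cloudflare's or Pingora's code): it replays the same constructed traffic against per‑worker pools and against one shared pool and counts the handshakes each needs. The worker counts, origin count, idle timeout and the sequential one‑request‑per‑tick traffic are assumptions chosen for illustration.

```rust
use std::collections::HashMap;

/// Deterministic LCG so the run is reproducible without external crates.
struct Lcg(u64);
impl Lcg {
    fn next(&mut self, bound: u64) -> u64 {
        self.0 = self.0.wrapping_mul(6364136223846793005).wrapping_add(1442695040888963407);
        (self.0 >> 33) % bound
    }
}

/// Counts new upstream connections (handshakes) over `requests` sequential requests.
/// `shared == true` models one pool for all threads; otherwise each worker owns a pool.
/// An idle connection is closed after `idle_timeout` ticks (one request per tick).
fn new_connections(workers: u64, origins: u64, requests: u64, idle_timeout: u64, shared: bool) -> u64 {
    let mut rng = Lcg(42); // same seed: identical constructed traffic for both models
    let mut last_used: HashMap<(u64, u64), u64> = HashMap::new(); // (pool, origin) -> tick
    let mut fresh = 0;
    for tick in 0..requests {
        let worker = rng.next(workers); // worker that happened to accept the request
        let origin = rng.next(origins); // upstream the request is proxied to
        let pool = if shared { 0 } else { worker };
        let reusable = last_used
            .get(&(pool, origin))
            .map_or(false, |&t| tick - t <= idle_timeout);
        if !reusable {
            fresh += 1; // no live connection in this pool: new TCP + TLS handshake
        }
        last_used.insert((pool, origin), tick);
    }
    fresh
}

fn reuse_ratio(fresh: u64, requests: u64) -> f64 {
    1.0 - fresh as f64 / requests as f64
}

fn main() {
    let (origins, requests, idle) = (50, 100_000, 2_000);
    for workers in [1, 4, 16, 64] {
        let per_worker = new_connections(workers, origins, requests, idle, false);
        let shared = new_connections(workers, origins, requests, idle, true);
        println!("workers={:2} per-worker reuse={:.4} shared reuse={:.4}",
            workers, reuse_ratio(per_worker, requests), reuse_ratio(shared, requests));
    }
}
```

In this model the shared pool's handshake count does not depend on the worker count, while the per‑worker count grows as workers are added, because each worker's connection to a given origin sits idle longer and times out more often.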
More efficient
Pingora uses about 70 % less CPU and 67 % less memory under the same load. Rust code runs faster than the previous Lua implementation, and the multithreaded architecture reduces lock contention and eliminates costly TLS handshakes.
More secure
Rust's memory‑safety guarantees prevent undefined behaviour, allowing faster feature development without crashes. Since its launch, Pingora has processed trillions of requests without a crash caused by the service code.
Conclusion
Cloudflare now operates a faster, more efficient and more versatile internal proxy that serves as a platform for current and future products, with plans to open‑source it and share further technical details.
