# Pingora — Fast Programmable HTTP Proxy Framework by Cloudflare > Pingora is a Rust framework for building fast, reliable, and programmable network services. Open-sourced by Cloudflare, it powers a significant portion of their HTTP traffic, handling over a trillion requests daily across the global network. ## Install Save as a script file and run: # Pingora — Fast Programmable HTTP Proxy Framework by Cloudflare ## Quick Use ```bash cargo add pingora pingora-proxy ``` ```rust use pingora::prelude::*; // Build a custom load balancer or gateway in a few hundred lines of Rust. ``` ## Introduction Pingora is an open-source Rust framework created by Cloudflare for building fast, reliable, and programmable network proxies and services. It replaces their legacy C-based proxy and is designed to give developers fine-grained control over every phase of the HTTP request lifecycle while maintaining memory safety and high performance. ## What Pingora Does - Provides an async framework for building HTTP/1, HTTP/2, and gRPC proxies - Offers programmable request and response filters at each proxy phase - Handles connection pooling, TLS termination, and graceful restarts out of the box - Supports custom load-balancing strategies and health checking - Enables building gateways, caching proxies, and security middleware in Rust ## Architecture Overview Pingora is built on top of Tokio and uses a multi-threaded async architecture with work-stealing. It models the proxy lifecycle as a series of filter phases (request_filter, upstream_peer, response_filter, etc.) that developers implement via traits. Connection pools are shared across threads, and the framework supports zero-downtime upgrades by passing listening sockets between old and new processes via Unix domain sockets. ## Self-Hosting & Configuration - Requires Rust 1.72+ toolchain to build from source - Configuration is done in code via Rust structs, not YAML or config files - TLS certificates are loaded at startup; supports hot-reloading via the upgrade mechanism - Can run as a systemd service or inside a container - Logging integrates with the tracing crate ecosystem ## Key Features - Memory-safe proxy framework with no garbage collection pauses - Sub-millisecond latency overhead per proxied request - Built-in connection pooling with configurable keep-alive and reuse policies - Zero-downtime graceful restart and live upgrade support - Extensible filter-phase architecture for custom proxy logic ## Comparison with Similar Tools - **Envoy** — C++ proxy with YAML config; Pingora offers compile-time safety and Rust-native extensibility - **Nginx** — Mature C-based server; Pingora provides a programmable framework rather than a config-driven server - **HAProxy** — High-performance load balancer; Pingora trades config simplicity for full code-level control - **Traefik** — Go-based reverse proxy with auto-discovery; Pingora targets lower-level proxy framework use cases ## FAQ **Q: Do I need to know Rust to use Pingora?** A: Yes. Pingora is a Rust library, so building proxies with it requires writing Rust code and understanding async programming. **Q: Can Pingora replace Nginx for a simple reverse proxy?** A: It can, but Pingora is a framework rather than a drop-in server. For simple setups, Nginx or Caddy may be easier to configure. **Q: Does Pingora support HTTP/3 and QUIC?** A: HTTP/3 support is under active development. HTTP/1 and HTTP/2 are fully supported today. **Q: How does Pingora handle TLS?** A: It uses OpenSSL or BoringSSL for TLS termination, with support for SNI-based certificate selection and mutual TLS. ## Sources - https://github.com/cloudflare/pingora - https://blog.cloudflare.com/pingora-open-source --- Source: https://tokrepo.com/en/workflows/9391fa74-4105-11f1-9bc6-00163e2b0d79 Author: Script Depot