Pingora — Fast Programmable HTTP Proxy Framework by Cloudflare

Introduction

Pingora is an open-source Rust framework created by Cloudflare for building fast, reliable, and programmable network proxies and services. It replaces their legacy C-based proxy and is designed to give developers fine-grained control over every phase of the HTTP request lifecycle while maintaining memory safety and high performance.

What Pingora Does

• Provides an async framework for building HTTP/1, HTTP/2, and gRPC proxies
• Offers programmable request and response filters at each proxy phase
• Handles connection pooling, TLS termination, and graceful restarts out of the box
• Supports custom load-balancing strategies and health checking
• Enables building gateways, caching proxies, and security middleware in Rust

Architecture Overview

Pingora is built on top of Tokio and uses a multi-threaded async architecture with work-stealing. It models the proxy lifecycle as a series of filter phases (request_filter, upstream_peer, response_filter, etc.) that developers implement via traits. Connection pools are shared across threads, and the framework supports zero-downtime upgrades by passing listening sockets between old and new processes via Unix domain sockets.

Self-Hosting & Configuration

• Requires Rust 1.72+ toolchain to build from source
• Configuration is done in code via Rust structs, not YAML or config files
• TLS certificates are loaded at startup; supports hot-reloading via the upgrade mechanism
• Can run as a systemd service or inside a container
• Logging integrates with the tracing crate ecosystem

Key Features

• Memory-safe proxy framework with no garbage collection pauses
• Sub-millisecond latency overhead per proxied request
• Built-in connection pooling with configurable keep-alive and reuse policies
• Zero-downtime graceful restart and live upgrade support
• Extensible filter-phase architecture for custom proxy logic

Comparison with Similar Tools

• Envoy — C++ proxy with YAML config; Pingora offers compile-time safety and Rust-native extensibility
• Nginx — Mature C-based server; Pingora provides a programmable framework rather than a config-driven server
• HAProxy — High-performance load balancer; Pingora trades config simplicity for full code-level control
• Traefik — Go-based reverse proxy with auto-discovery; Pingora targets lower-level proxy framework use cases

FAQ

Q: Do I need to know Rust to use Pingora? A: Yes. Pingora is a Rust library, so building proxies with it requires writing Rust code and understanding async programming.

Q: Can Pingora replace Nginx for a simple reverse proxy? A: It can, but Pingora is a framework rather than a drop-in server. For simple setups, Nginx or Caddy may be easier to configure.

Q: Does Pingora support HTTP/3 and QUIC? A: HTTP/3 support is under active development. HTTP/1 and HTTP/2 are fully supported today.

Q: How does Pingora handle TLS? A: It uses OpenSSL or BoringSSL for TLS termination, with support for SNI-based certificate selection and mutual TLS.

Sources

• https://github.com/cloudflare/pingora
• https://blog.cloudflare.com/pingora-open-source