18 September 2022

Cloudflare's new proxy server, Pingora, has the potential to dethrone Nginx from its reverse proxy function.

Pingora is a new HTTP proxy server built internally by Cloudflare with the intention of making it open-source in the future.

Few companies can compete with Cloudflare's expertise in serving massive web traffic.

To make things more precise, we'll say this: Cloudflare handles over 10% of all global HTTP / HTTPS Internet traffic. In addition, globally, the Cloudflare network serves over 25 million HTTP requests per second and it's used by almost 80% of all websites that use reverse proxy services.


So, one thing is certain: the company has faced colossal traffic loads and pushed the capabilities of modern technology to the limit.

As a reverse proxy Proxying the traffic between the Cloudflare network and servers on the Internet, Nginx has been a vital part of CloudFlare's architecture, until now, also taking into account the important improvements and optimizations they have made in implementing HTTP / 2 and the "new" QUIC or HTTP / 3 although still unofficially as official QUIC support has yet to be officially included by NGINX.

With Cloudflare's scaling, we have surpassed NGINX. It has been great for many years, but over time its limitations to our scaling needs have meant building something new that made sense. We could no longer get the performance we needed, nor did NGINX have the functionality we needed for our very complex environment.

Hence, it appears that NGINX's limit (for CloudFlare's very special needs) has also been reached and the company recently unveiled its internal solution in search of a superior option. Introducing Pingora, a new HTTP proxy server developed by Cloudflare.

The announcement tweeted on Twitter on September 14 speaks volumes:

What is Pingora HTTP Proxy Server

Pingora is a new in-house built HTTP proxy server by Cloudflare, written in the Rust programming language. Its development was driven by the need to improve and expand the capabilities Nginx offers for Cloudflare's global network demands.

Why RUST? Because it can achieve the same performance and features as what C can safely do for memory without sacrificing performance. Security issues such as Buffer Overflow, Stack Overflow, Heap Overflow, dynamic memory allocation, and core language limitations such as C, fail with RUST.

As you probably know, some Linux kernel components are also currently being considered for the transition to Rust-based development.

According to data from CloudFlare, Pingora fully meets expectations and surpasses Nginx previously used in its role as a reverse proxy. Here's what the numbers show.

Pingora serves over 1 trillion requests per day through Cloudflare's global network. However, compared to Nginx, in production, it shows a reduction of 5 ms on the median TTFB (Time to First Byte). The improved performance is due to the new Pingora architecture, which allows all threads to share connections compared to NGINX which allowed the reuse of connections only on the same Worker and therefore limiting the possibilities of recycling connections which necessarily led to continuous renegotiation of connections and computationally expensive important Thee Way Handshake with the cost of also renegotiating SSL for HTTPS and all the additional latency.

Pingora NGINX

Furthermore, precisely because of this reason, Pingora consumes about 70% less CPU and 67% less memory than the previous Cloudflare solution with the same level of traffic. Additionally, CloudFlare engineers say that implementing new features in Pingora is considerably easier than in Nginx thanks to the server's intuitive interface.

These factors lead us to conclude that Pingora has all the features necessary to dethrone Nginx as the most chosen reverse proxy software.

What can we expect from Pingora in the future?

Now comes the time when we need to make the most significant clarification possible. As you know, our media covers only free and open source software. However, unfortunately, Pingora is currently a closed-source project developed internally by Cloudflare.

Therefore, the entire article wouldn't exist without the following statement from the official announcement, which got us excited:

We'll come back with more technical details on the issues we've faced, the optimizations we've applied, and the lessons we've learned from creating Pingora and launching it to power a significant portion of the internet. We will also come back with our plan to make it open source.

We can only add that we believe that moving Pingora's code to an open source approach will help it skyrocket its popularity in both the open source and business segments. So, we can't wait for this to happen and will keep you updated on any changes.

Those interested in learning more about the Pingora HTTP Proxy Server can do so by visiting theCloudflare's official announcement .


Without a doubt, Pingora is an exciting project with the potential to change many aspects of the web. But an analogy keeps popping up in our heads as if history repeats itself.

In 2001,  Igor Sysoev , dissatisfied with performance  of the Apache Web Server  and of the design concept on which it was built, he developed his internal project, especially for the company where he worked. He gave the project the strange abbreviation  Nginx .

Three years later, in 2004, the project switched to an open source model. The rest is history.

Today, 21 years later,  the king of web servers  faces the same challenge. Cloudflare's Pingora HTTP proxy server aims to exceed the limits set by Nginx. Will they open source it and become the new dominant force in web content distribution? We can't wait to find out.

In Managed Server, however, we want to make some clarifications and clarifications regarding the situation presented by CloudFlare which, although it brings a lot of enthusiasm, trust and hope for the future (hopefully near), tries to submit to the reader only and exclusively their very personal story.

First of all, it must necessarily be said that CloudFlare does not provide direct Hosting and Web Server services and therefore it is peaceful and reasonable to develop a reverse proxy from scratch that could overcome the architectural limits of NGINX and its performance. Let's think for example of the limit of the reuse of the connection on a single Worker that cannot be reused on different workers and therefore find a lower "Hit ratio" as the number of Workers increases with all the consequence of the renegotiation of SSL for example.

In a classic and standard environment such as that of a Hosting Provider you will always have to deal with a classic web server such as NGINX, for example, or OpenResty (in turn, however, built on NGINX) taking into account the architectural limits of the same as a server. web itself. For many years now it has been objectively recognized that G-WAN Web Server has much more performance than the still excellent NGINX.

Envoy Proxy

With regard to wanting to rewrite a reverse proxy from Zero, calibrated to the needs of the company, it is certainly a very good thing (especially if it will be released in Open Source mode), however even Reverse Proxy in Open Source production such as Envoy could have easily done the case by going to elegantly solve the problems that Pingora would seem to solve.

For our part, we will fearlessly wait for the Open Source release at least to test it in the field and evaluate a possible production start to replace the Envoy that we already use for customers with enterprise plans.


Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.


Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.


Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top