docker.recipes

Pingora

advanced

Cloudflare's HTTP proxy framework written in Rust.

Overview

Pingora is Cloudflare's high-performance HTTP proxy framework written in Rust, designed to handle massive scale internet traffic with superior memory safety and performance characteristics. Born from Cloudflare's need to replace nginx in their infrastructure, Pingora now powers over 1 trillion daily requests across their global network, demonstrating production-ready reliability at unprecedented scale. The framework leverages Rust's ownership model to eliminate memory leaks and provide fearless concurrency, while supporting HTTP/1.1, HTTP/2, and gRPC protocols natively. This containerized deployment brings enterprise-grade proxy capabilities to any infrastructure through Cloudflare's open-source release of their internal proxy technology. Pingora's async/await architecture enables efficient connection pooling, multiplexing, and reuse patterns that dramatically reduce resource consumption compared to traditional proxy solutions. The framework's programmable nature allows developers to implement custom proxy logic directly in Rust, enabling sophisticated traffic manipulation, load balancing algorithms, and request transformation pipelines. Developers building high-traffic applications, platform engineers managing microservice architectures, and organizations requiring custom proxy behaviors will find exceptional value in Pingora's combination of performance and programmability. Unlike configuration-driven proxies, Pingora enables compile-time optimization of proxy logic, resulting in deterministic performance characteristics and elimination of runtime configuration parsing overhead. This makes it particularly valuable for scenarios requiring consistent low-latency responses and predictable resource utilization patterns.

Key Features

  • Rust-native memory safety eliminating segfaults and memory leaks common in C-based proxies
  • Async connection pooling with intelligent reuse reducing connection establishment overhead
  • Native HTTP/2 server push support with priority-aware stream multiplexing
  • Programmable request/response transformation through Rust trait implementations
  • Zero-copy buffer management for minimal memory allocation during request processing
  • Built-in circuit breaker patterns with configurable failure thresholds and recovery strategies
  • gRPC proxy capabilities with protocol buffer introspection and modification
  • Compile-time proxy logic optimization eliminating runtime configuration parsing costs

Common Use Cases

  • 1High-frequency trading platforms requiring sub-millisecond proxy latencies with deterministic performance
  • 2Microservice mesh gateways needing custom authentication and request routing logic
  • 3CDN edge servers handling millions of concurrent connections with minimal memory footprint
  • 4API rate limiting implementations requiring complex throttling algorithms beyond token buckets
  • 5Real-time streaming applications needing intelligent connection multiplexing and backpressure handling
  • 6Multi-tenant SaaS platforms requiring tenant-aware request transformation and routing
  • 7IoT device management systems processing high-volume telemetry data through proxy aggregation

Prerequisites

  • Minimum 2GB RAM recommended for handling moderate traffic loads with connection pooling
  • Docker Engine 20.10+ with BuildKit support for Rust multi-stage build optimizations
  • Basic Rust programming knowledge for implementing custom proxy logic and request handlers
  • Understanding of HTTP/2 multiplexing concepts for optimal stream priority configuration
  • Network topology planning for ports 80/443 exposure and upstream service connectivity
  • SSL/TLS certificate management experience for HTTPS termination and backend encryption

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  pingora: 
3    image: ghcr.io/cloudflare/pingora:latest
4    container_name: pingora
5    restart: unless-stopped
6    volumes: 
7      - ./pingora/config:/etc/pingora:ro
8    ports: 
9      - "80:80"
10      - "443:443"
11    networks: 
12      - pingora-network
13
14networks: 
15  pingora-network: 
16    driver: bridge

.env Template

.env
1# Pingora configuration

Usage Notes

  1. 1Docs: https://github.com/cloudflare/pingora
  2. 2Cloudflare's production proxy powering 1T+ daily requests
  3. 3Written in Rust for memory safety and performance
  4. 4HTTP/1, HTTP/2, gRPC support out of the box
  5. 5Programmable via Rust - build custom proxy logic
  6. 6Async/await design with connection pooling and reuse

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  pingora:
5    image: ghcr.io/cloudflare/pingora:latest
6    container_name: pingora
7    restart: unless-stopped
8    volumes:
9      - ./pingora/config:/etc/pingora:ro
10    ports:
11      - "80:80"
12      - "443:443"
13    networks:
14      - pingora-network
15
16networks:
17  pingora-network:
18    driver: bridge
19EOF
20
21# 2. Create the .env file
22cat > .env << 'EOF'
23# Pingora configuration
24EOF
25
26# 3. Start the services
27docker compose up -d
28
29# 4. View logs
30docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/pingora/run | bash

Troubleshooting

  • Connection refused errors on startup: Verify port 80/443 aren't bound by other services and check iptables rules blocking container network access
  • High memory usage during traffic spikes: Adjust connection pool size limits and enable memory profiling to identify buffer retention issues in custom handlers
  • HTTP/2 stream errors with multiplexed requests: Check upstream server HTTP/2 compatibility and configure stream concurrency limits in Pingora settings
  • Rust compilation failures when building custom logic: Ensure Cargo.toml dependencies match Pingora framework version and enable proper feature flags
  • SSL handshake timeouts with HTTPS traffic: Verify certificate chain completeness and check if cipher suites are properly configured for client compatibility

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

pingora

Tags

#pingora#cloudflare#rust#proxy#performance

Category

Web Servers & Reverse Proxies

Related Recipes

Ad Space