Cloudflare just got faster and more secure, powered by Rust
2025-09-26
We’ve replaced the original core system in Cloudflare with a new modular Rust-based proxy, replacing NGINX. ...
Continue reading »
Upgrading one of the oldest components in Cloudflare’s software stack
2023-03-31
Engineers at Cloudflare have improved the release procedure of our largest edge proxy server. The improved process allows us to significantly decrease the amount of memory used during the version upgrade. As a result, we can deploy code faster and more reliably...
ROFL with a LOL: rewriting an NGINX module in Rust
2023-02-24
Cloudflare engineers rewrote cf-html, an old NGINX module, in Rust. This project revealed much about NGINX, potentially leading to its full replacement in Cloudflare's infrastructure....
How we built Pingora, the proxy that connects Cloudflare to the Internet
2022-09-14
Today we are excited to talk about Pingora, a new HTTP proxy we’ve built in-house using Rust that serves over 1 trillion requests a day...
Keepalives considered harmful
2020-03-19
You’d think keepalives would always be helpful, but turns out reality isn’t always what you expect it to be. It really helps if you read Why does one NGINX worker take all the load? first....
MORE POSTS
March 18, 2020 12:00 PM
The problem with thread^W event loops
Back when Cloudflare was created, the dominant HTTP server used to power websites was Apache httpd. However, we decided to build our infrastructure using the then relatively new NGINX server....
- By
October 17, 2019 2:00 PM
Experiment with HTTP/3 using NGINX and quiche
Just a few weeks ago we announced the availability on our edge network of HTTP/3, the new revision of HTTP intended to improve security and performance on the Internet. Everyone can now enable HTTP/3 on their Cloudflare zone...
- By
May 22, 2019 5:14 PM
NGINX structural enhancements for HTTP/2 performance
My team: the Cloudflare PROTOCOLS team is responsible for termination of HTTP traffic at the edge of the Cloudflare network. We deal with features related to: TCP, QUIC, TLS and Secure Certificate management, HTTP/1 and HTTP/2....
- By
February 15, 2019 5:09 PM
SEO Best Practices with Cloudflare Workers, Part 2: Implementing Subdomains
In Part 1, the pros and cons of subdirectories vs subdomains were discussed. The subdirectory strategy is typically superior to subdomains since subdomains suffer from keyword and backlink dilution. ...
- By
February 15, 2019 5:09 PM
SEO Best Practices with Cloudflare Workers, Part 1: Subdomain vs. Subdirectory
Alice and Bob are budding blogger buddies who met up at a meetup and purchased some root domains to start writing. Alice bought aliceblogs.com and Bob scooped up bobtopia.com....
- By
November 29, 2018 9:54 AM
Know your SCM_RIGHTS
As TLS 1.3 was ratified earlier this year, I was recollecting how we got started with it here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago. It was a very important decision, and we took it very seriously....
- By
October 12, 2018 12:00 PM
Optimizing HTTP/2 prioritization with BBR and tcp_notsent_lowat
Getting the best end-user performance from HTTP/2 requires good support for resource prioritization. While most web servers support HTTP/2 prioritization, getting it to work well all the way to the browser requires a fair bit of coordination across the networking stack....
- By
July 31, 2018 3:00 PM
How we scaled nginx and saved the world 54 years every day
10 million websites, apps and APIs use Cloudflare to give their users a speed boost. At peak we serve more than 10 million requests a second across our 151 data centers. Over the years we’ve made many modifications to our version of NGINX to handle our growth. This is blog post i...
- By
March 06, 2018 1:00 PM
HTTP Analytics for 6M requests per second using ClickHouse
One of our large scale data infrastructure challenges here at Cloudflare is around providing HTTP traffic analytics to our customers. HTTP Analytics is available to all our customers via two options:...
- By
January 18, 2018 12:06 PM
However improbable: The story of a processor bug
Processor problems have been in the news lately, due to the Meltdown and Spectre vulnerabilities. But generally, engineers writing software assume that computer hardware operates in a reliable, well-understood fashion, and that any problems lie on the software side of the softwar...
- By
December 11, 2017 2:00 PM
The end of the road for Server: cloudflare-nginx
Six years ago when I joined Cloudflare the company had a capital F, about 20 employees, and a software stack that was mostly NGINX, PHP and PowerDNS (there was even a little Apache). ...
- By
November 07, 2017 10:15 AM
Perfect locality and three epic SystemTap scripts
In a recent blog post we discussed epoll behavior causing uneven load among NGINX worker processes. We suggested a work around - the REUSEPORT socket option....
- By
October 23, 2017 12:57 PM
Why does one NGINX worker take all the load?
Scaling up TCP servers is usually straightforward. Most deployments start by using a single process setup. When the need arises more worker processes are added. ...
- By
November 28, 2016 2:10 PM
HPACK: the silent killer (feature) of HTTP/2
If you have experienced HTTP/2 for yourself, you are probably aware of the visible performance gains possible with HTTP/2 due to features like stream multiplexing, explicit stream dependencies, and Server Push. ...
- By
May 13, 2016 9:55 AM
Open sourcing our NGINX HTTP/2 + SPDY code
In December, we released HTTP/2 support for all customers and on April 28 we released HTTP/2 Server Push support as well....
- By