Cloudflare rewrites Nginx C modules in Rust, building a future without Nginx

As reported last year, Cloudflare is replacing Nginx with Pingora, which is written internally in Rust, with the goal of building a faster, more efficient, and more general-purpose internal proxy to serve as a platform for Cloudflare’s current and future products. But Cloudflare’s infrastructure is huge and consists of many different services.

Recently, Cloudflare engineers introduced how to use Rust to rewrite the Nginx module based on C language. Cloudflare engineers blogged about writing a replacement in Rust for the oldest and least known part of Cloudflare’s infrastructure – cf-html. This is an Nginx module that lives inside Cloudflare’s core reverse web proxy, also known as FL (Front Line).

FL runs most of the logic for Cloudflare’s application services, so this replacement was definitely more challenging. Cloudflare says completing this work paves the way for them to get rid of Nginx entirely. In the future, they will continue to gradually replace the components used to run the Nginx/OpenResty proxy, or the components that can be completed without investing a lot of development resources on the self-developed platform, so as to build a future without Nginx (A future without NGINX).

Cloudflare engineers love the Rust language very much, and they finally talked about the benefits of Rust: “Most people think that the security of programming languages ​​​​is mainly used to prevent bugs, but for a company, we found that the security advantages of programming languages ​​​​are also It can be used to complete some functional requirements that are considered very difficult or impossible to implement safely. For example, providing a filtering language similar to Wireshark to write firewall rules, allowing millions of users to write arbitrary JavaScript code and run it directly on our platform, and rewriting HTML responses on the fly. In doing so, Rust provides these services with strict execution boundaries, making the impossible possible. At the same time, Rust makes the memory safety issues that plagued the industry in the past increasingly a thing of the past.”

The text and pictures in this article are from the OSC open source community


This article is transferred from
This site is only for collection, and the copyright belongs to the original author.