Pingora: build fast, reliable and programmable networked systems
245 points by KajMagnus 1 year ago | 43 comments
- ttrrooppeerr 1 year ago
Their, at the time, blog post announcement about Pingora: https://blog.cloudflare.com/how-we-built-pingora-the-proxy-t...
- mcpherrinm 1 year ago
And a current blog post announcing the open-sourcing: https://blog.cloudflare.com/pingora-open-source
- dukeoptamus 1 year ago
The current announcement: https://blog.cloudflare.com/pingora-open-source
- dang 1 year ago
Related:
Cloudflare has replaced Nginx with in-house, Rust-written Pingora - https://news.ycombinator.com/item?id=32864119 - Sept 2022 (141 comments)
Pingora, the proxy that connects Cloudflare to the Internet - https://news.ycombinator.com/item?id=32836661 - Sept 2022 (123 comments)
- lewisl9029 1 year ago
Have been looking forward to this release for quite a while! Huge props to the Cloudflare team for putting this out there!
I've been operating a cluster of NGINX nodes on Fly.io and using njs (NGINX's custom JS scripting engine) for all of my custom routing logic, and have been really feeling the limitations (had to spin up a separate companion app in nodejs to work around some of these). Having access to the entirety of the Rust language and ecosystem to customize routing behavior sounds incredibly compelling!
I did a quick scan over the codebase and couldn't see anything around disk caching like in NGINX, only memory caching. Curious if Cloudflare is operating all their production nodes with memory caching as opposed to disk caching at the moment?
I'd love to see an option for disk caching for use cases that are a bit more cost sensitive.
- jpgvm 1 year ago
Their cache is likely an entirely different per-PoP service that operates as a network service.
- inapis 1 year ago
So in a quick glance, this does not look like nginx/caddy. It is not a binary you download, install and just configure to talk to your upstream servers. Rather a set of packages which you assemble to fulfill a particular use case. You basically end up writing a "new" reverse proxy just for your use case.
Not sure how useful this would be for anyone except very large businesses or someone like cloudflare itself.
- mcpherrinm 1 year ago
River is going to be a fully-featured reverse proxy product built on top of Pingora:
https://www.memorysafety.org/blog/introducing-river/
It's mentioned briefly in the Cloudflare blog post. I'd expect that if you're a current nginx or other proxy, River is what you'd want as an alternative.
One of the big things I'm excited about in the River plan is the ability to use wasm for scripting, which should make it relatively easy to extend.
- mkeedlinger 1 year ago
Can't wait! I've currently settled on Caddy as my reverse proxy, but something Rust based and extended with wasm would be great.
- derekperkins 1 year ago
I'm surprised Envoy isn't mentioned anywhere.
- paulgb 1 year ago
One reason I'm excited about this is that it appears to let you write arbitrary routing logic into a layer 7 proxy. This is something we had to build for https://plane.dev and it would have been nicer to use something like this, but we couldn't find anything like it at the time.
- wongarsu 1 year ago
From their quickstart and user guide it doesn't look too verbose. For anyone whose config has reached the point where you are wondering whether it would be easier to express in code, this might be a good product to try.
Or if you run shared hosting or some other scenario where you are effectively maintaining your server configuration twice: once for the actual server and once in the database for your dashboard and other services. This would allow you to just read the config from the canonical source, instead of risking bugs when the two configs diverge.
- egnehots 1 year ago
From their doc, reasons to use Pingora:
- Security is your top priority: Pingora is a more memory safe alternative for services that are written in C/C++.
- Your service is performance-sensitive: Pingora is fast and efficient.
- Your service requires extensive customization: The APIs Pingora proxy framework provides are highly programmable.
- eptcyka 1 year ago
Would be cool if it was possible to use this with rustls. But I assume they didn't use it since rustls only focuses on TLS 1.3 and does not support anything lower.
- phicoh 1 year ago
Rustls claims to support TLS 1.2 as well (https://github.com/rustls/rustls)
- mcpherrinm 1 year ago
Being able to use rustls as a drop-in replacement for openssl is on their roadmap: https://github.com/rustls/rustls/blob/main/ROADMAP.md#future...
So that'll certainly be one option in the future.
- heinrich5991 1 year ago
Permalink (press 'y' anywhere on GitHub): https://github.com/rustls/rustls/blob/425b5272901d60a4e3d18d....
- throwaway63467 1 year ago
Nice! It seems HTTP/3 isn't mentioned or supported, which is weird as they offer HTTP/3 support in their cloud service and have their own QUIC implementation. Haven't looked in detail so maybe it's just missing from the readme or they didn't open-source it (yet).
- pornel 1 year ago
Cloudflare uses QUIC on the browser<->cdn side, but Pingora sits on the cdn<->server side.
That side of the connection usually isn't going over slow and lossy mobile networks, so QUIC isn't that useful there.
- gideontong 1 year ago
HTTP/3 is on the roadmap!
- jamesear 1 year ago
Cloudflare work on some cool stuff! It's a shame they don't hire for software engineer positions in Australia.
- adamch 1 year ago
There are some CF SWEs in Australia. But few teams are willing to work across 3 timezones. The SRE teams might be more open to hiring, as there's a big SRE presence in Singapore.
- Sytten 1 year ago
I had been waiting on that for a couple years since they first talked about it in their blog. Congrats!
- KajMagnus 1 year ago
Me too! Nginx (written in C) sometimes has can't-happen-in-Rust major severity vulnerabilities, one just recently: https://nginx.org/en/security_advisories.html (related to HTTP3)
- ramp6 1 year ago
Bad take. Those were in preview features (aka should not be used in prod and behind a feature gate).
- diarrhea 1 year ago
Very cool. Would play around with this in a heartbeat in the home lab, but Caddy's automatic HTTPS (ACME HTTP-01 and DNS-01 challenges) would be sorely missed.
I suppose one can supplement certbot in this setup? Or use the "highly programmable" APIs Pingora provides directly?
- hermanradtke 1 year ago
cert it via cron that uses the graceful upgrade functionality should work
https://github.com/cloudflare/pingora/blob/main/docs/quick_s...
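One concrete shape for the cron/certbot plus graceful-upgrade idea above, as an added example that is not from the thread and not Pingora project code: a certbot deploy hook that fingerprints the renewed certificate and only triggers a zero-downtime upgrade when the file actually changed, so a cron run that renews nothing does not restart the proxy. Everything path-like is hypothetical, and the upgrade mechanism (start the new proxy process with `-u` so it takes over the listening sockets, then send SIGQUIT to the old one) is my reading of the Pingora quick-start docs, not something the thread states; check it against the docs for the version you run.

```sh
#!/bin/sh
# Added example, not from the thread or the Pingora project.
# Intended use: certbot --deploy-hook /path/to/this-script
# certbot exports RENEWED_LINEAGE (the live/<domain> directory) to deploy hooks.
set -eu

# Hypothetical paths; adjust to your deployment.
STATE_FILE="${STATE_FILE:-/var/lib/pingora/cert.fingerprint}"
PID_FILE="${PID_FILE:-/run/pingora.pid}"
PINGORA_BIN="${PINGORA_BIN:-/usr/local/bin/my-pingora-proxy}"   # your own Pingora-based binary

# Stable fingerprint of a file's contents (hex SHA-256).
fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Returns 0 (true) when the certificate at $1 differs from the fingerprint
# recorded in $2, or when nothing has been recorded yet.
# Returns 1 (false) when the cert is missing or unchanged.
cert_changed() {
    cert="$1"
    state="$2"
    [ -f "$cert" ] || return 1
    current=$(fingerprint "$cert")
    if [ -f "$state" ] && [ "$(cat "$state")" = "$current" ]; then
        return 1
    fi
    return 0
}

# Persist the fingerprint of $1 into $2 so the next run can compare.
record_fingerprint() {
    fingerprint "$1" > "$2"
}

# Hand the listening sockets to a fresh process, then ask the old one to
# finish in-flight requests and exit. Flags/signal are assumptions based on
# the Pingora docs (-u: upgrade/take over sockets, -d: daemonize).
graceful_upgrade() {
    old_pid=$(cat "$1")
    "$PINGORA_BIN" -u -d
    kill -QUIT "$old_pid"
}

main() {
    cert="$1"
    if cert_changed "$cert" "$STATE_FILE"; then
        record_fingerprint "$cert" "$STATE_FILE"
        graceful_upgrade "$PID_FILE"
    fi
}

# Only act when invoked by certbot; sourcing the file just defines the functions.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    main "$RENEWED_LINEAGE/fullchain.pem"
fi
```

The fingerprint check is the part worth keeping even if you wire the reload differently: certbot's renew runs far more often than certificates actually change, and the state file turns an unconditional restart into a no-op for the common case.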
- petsfed 1 year ago
https://en.wikipedia.org/wiki/Pingora_Peak
It's an indigenous word, but probably not the indigenous name for the mountain. I've heard it means "high, rocky and inaccessible peak" in Shoshoni. Popo Agie (pronounced puh-poe-zha) Tower was proposed, but there are dozens of Popo Agie things already (the Popo Agie river runs from the Wind River range, through Sinks Canyon into nearby Lander, Wyoming), so the USGS insisted on a more distinct name.
- sanxiyn 1 year ago
I heard that when Cloudbleed happened, Cloudflare CTO declared that there will be no more new projects in C or C++, and that's how it happened. Needless to say, lots of time and money were wasted.
- pornel 1 year ago
Before Rust, most features had to be built on top of nginx, and had to carefully balance performance overhead of Lua (openresty) vs risks and maintenance costs of C modules or patching nginx itself.
The switch to Rust has been very positive overall, because it allowed Cloudflare to tackle much more ambitious projects, and own its entire stack.
- sophacles 1 year ago
Do you have any evidence for any of the parts of your statement? Those are some big claims and some evidence is warranted. Rumors can say just about anything and usually are far from the full truth (and often completely false).
- uo21tp5hoyg 1 year ago
> I was right: it was a risk, and it did slow us down. However, by being forced to use Rust, we ended up with a better design that was safer and easier to debug, and it was just as fast as the C++ equivalent. In the long run, it was a massive win. We're all in love with Rust now, and 5 years later we've replaced nearly all of our non-Rust code (mostly Go) with faster, safer, and better-architected Rust equivalents.
Seems like a win?
- pas 1 year ago
> Needless to say, lots of time and money were wasted.
it might be needless, but for those of us not in the know, could you elaborate on that please? what ended up as waste? why? altogether was it worth it?
- sanxiyn 1 year ago
These kinds of top-down directives are almost always wasteful, because they ignore local situations. It could have been case-by-case decisions, considering cost and benefit.
Now I understand why this is politically difficult, but it still resulted in suboptimal technical decisions, and ill will against Rust, which is unfortunate.
- rapsey 1 year ago
I would imagine Cloudbleed shook the company severely. I doubt the decision to abandon C/C++ caused a lot of ill will within the company. Considering the level of exposure Cloudflare software has, it is I think a very level-headed decision.
- pas 1 year ago
Sorry, but for me this is still heavily [citation needed].
sure CTO says something, but what exactly happened? do we know? you wrote that no new C/C++ projects were started. that to me sounds perfectly reasonable phase-out.
- diarrhea 1 year ago
This person seems to be a Rust contributor, so if this isn't a jab against Rust, I'm not sure what their point is.
- _joel 1 year ago
No.