Show HN: Sentinel – a Pingora-based reverse proxy (inspired by River)(sentinel.raskell.io)
6 pointsby raskelll9 hours ago3 comments
  • erdemkoca4 hours ago
    I’m building a multi-tenant business app (auth, roles, invoicing, time tracking). Curious whether you see Sentinel agents as a good place for tenant-aware auth / RBAC enforcement (e.g. fail-closed auth agent, fail-open observability agent), or if you’d still keep that strictly in-app.
    • raskelllan hour ago
      Good fit for coarse auth at the edge (who is this? what tenant? basic scopes, and so on). I’d still keep object-level/domain rules in-app. Fail-closed for auth, fail-open for observability is the right mental model. Biggest multi-tenant footguns are header spoofing + tenant-unaware caching. The proxy should own identity headers and include tenant in any cache key.
  • wasuli_official5 hours ago
    The agent architecture is clever. Crash isolation for WAF/auth means a buggy plugin cant take down the proxy, which has bitten me with nginx modules before.
    • raskelll5 hours ago
      Appreciate that! That exact failure mode is why I went with out-of-process agents. A bit like Envoy's ext_proc filter. Sentinel treats agents like separate services (timeouts, circuit-break-ish behavior, w/ explicit fail-open/fail-closed choice), so a crash/hang in WAF/auth shouldn’t take the data plane with it.

      Out of curiosity: when the nginx module bit you, was it mainly crashes, memory leaks, or latency spikes under load?

      • wasuli_official3 hours ago
        Memory leaks mostly. Ran ModSecurity and memory would creep up over days until we hit OOM. Ended up with scheduled restarts as a band-aid which felt wrong.
  • hotbird8 hours ago
    [dead]