Show HN: Sentinel – a Pingora-based reverse proxy (inspired by River) (sentinel.raskell.io)

8 points by raskelll ↗ HN
I’d been watching River (Pingora-based) and hoping it would mature, because I think Rust + Pingora (from Cloudflare) is a really solid foundation for a future-proof reverse proxy. Progress stayed quiet, so I started building the “practical reverse proxy layer” on top of Pingora myself: config/routing + operational defaults + a way to plug in extra request/response logic without patching the core.

Sentinel: https://github.com/raskell-io/sentinel

River: https://github.com/memorysafety/river

Quick try:

curl -fsSL https://getsentinel.raskell.io | sh

If you’ve operated proxies: what’s one default you’d change to make them less surprising (timeouts, retries, header handling, etc.)?

3 comments

[ 2.8 ms ] story [ 18.7 ms ] thread
The agent architecture is clever. Crash isolation for WAF/auth means a buggy plugin cant take down the proxy, which has bitten me with nginx modules before.
I’m building a multi-tenant business app (auth, roles, invoicing, time tracking). Curious whether you see Sentinel agents as a good place for tenant-aware auth / RBAC enforcement (e.g. fail-closed auth agent, fail-open observability agent), or if you’d still keep that strictly in-app.