Appreciate that! That exact failure mode is why I went with out-of-process agent... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		raskelll 12 days ago \| parent \| context \| favorite \| on: Show HN: Sentinel – a Pingora-based reverse proxy ... Appreciate that! That exact failure mode is why I went with out-of-process agents. A bit like Envoy's ext_proc filter. Sentinel treats agents like separate services (timeouts, circuit-break-ish behavior, w/ explicit fail-open/fail-closed choice), so a crash/hang in WAF/auth shouldn’t take the data plane with it. Out of curiosity: when the nginx module bit you, was it mainly crashes, memory leaks, or latency spikes under load?

		help

wasuli_official 12 days ago [–]

Memory leaks mostly. Ran ModSecurity and memory would creep up over days until we hit OOM. Ended up with scheduled restarts as a band-aid which felt wrong.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact