River Reverse Proxy

Prossimo Initiative
The Story

Just about every significantly sized deployment on the Internet makes use of reverse proxy software, and the most commonly deployed reverse proxy software is not memory safe. This means that most deployments have millions of lines of C and C++ handling incoming traffic at the edges of their networks, a risk that needs to be addressed if we are to have greater confidence in the security of the Internet.

In order to change this, Prossimo is investing in new reverse proxy software called River, which will offer excellent performance while reducing the chance of memory safety vulnerabilities to near zero. Some of its most compelling features:

  • Built on Cloudflare's Pingora framework, which is already serving huge amounts of traffic for Cloudflare. This gives us confidence that the underlying network internals are ready for the real world.
  • Better connection reuse than proxies like Nginx due to a multithreading model, which greatly improves performance.
  • WASM-based scriptability means scripting will be performant and River will be scriptable in any language that can compile to WASM.
  • Simple configuration, as we’ve learned some lessons from configuring other software for the past couple of decades.
  • It’s written in Rust so you can deploy without worrying about memory safety issues.

What We've Done

  • Prior to Pingora becoming open source, and in cooperation with Cloudflare, we contracted with James Munns of OneVariable to create an architectural plan for building the River reverse proxy on top of Pingora. The plan has been completed and can be seen in the GitHub repository.
  • Cloudflare open sourced Pingora, their network services framework written in Rust, in February of 2024.
  • James Munns started work on the initial implementation under contract with ISRG in March of 2024.
  • The latest release, v0.5.0, was made available on August 30, 2024. River now has load balancing support, rate limiting, configuration using KDL, support for serving static files, graceful reloads, and CIDR range based blocking.

What's Next

Development is proceeding per the roadmap. In the next release we plan to include full support for getting and managing certificates using the ACME protocol, as well as a change from BoringSSL to Rustls as the default TLS library.

More from the Prossimo blog

September 17, 2024

River Reverse Proxy Making Great Progress

Memory safe River now supports load balancing, rate limiting, graceful reloads, and more.

February 28, 2024

Announcing River: A High Performance and Memory Safe Reverse Proxy Built on Pingora

Improving security for a critical piece of Internet infrastructure.

Funders

  • Chainguard
  • Cloudflare
  • Shopify