feat: rebrand Hemmelig to paste.es for cloudhost.es

- Set Spanish as default language with ephemeral/encrypted privacy focus - Translate all user-facing strings and legal pages to Spanish - Replace Norwegian flag with Spanish flag in footer - Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship - Rewrite PrivacyPage: zero data collection, ephemeral design emphasis - Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references - Update PWA manifest, HTML meta tags, package.json branding - Rename webhook headers to X-Paste-Event / X-Paste-Signature - Update API docs title and contact to paste.es / cloudhost.es Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00
commit bc9f96cbd4
268 changed files with 45773 additions and 0 deletions
--- a/docs/metrics.md
+++ b/docs/metrics.md
@@ -0,0 +1,85 @@
+# Prometheus Metrics
+
+Hemmelig provides a Prometheus-compatible metrics endpoint for monitoring your instance.
+
+## Enabling Metrics
+
+1. Go to **Dashboard > Instance > Metrics** tab
+2. Enable the **Enable Prometheus Metrics** toggle
+3. Optionally, set a **Metrics Secret** for authentication
+4. Save the settings
+
+## Endpoint
+
+```
+GET /api/metrics
+```
+
+## Authentication
+
+If a metrics secret is configured, you must include it as a Bearer token in the `Authorization` header:
+
+```bash
+curl -H "Authorization: Bearer YOUR_METRICS_SECRET" https://your-instance.com/api/metrics
+```
+
+If no secret is configured, the endpoint is accessible without authentication (not recommended for production).
+
+## Available Metrics
+
+### Application Metrics
+
+| Metric                                   | Type      | Description                                  |
+| ---------------------------------------- | --------- | -------------------------------------------- |
+| `hemmelig_secrets_active_count`          | Gauge     | Current number of active (unexpired) secrets |
+| `hemmelig_users_total`                   | Gauge     | Total number of registered users             |
+| `hemmelig_visitors_unique_30d`           | Gauge     | Unique visitors in the last 30 days          |
+| `hemmelig_visitors_views_30d`            | Gauge     | Total page views in the last 30 days         |
+| `hemmelig_http_request_duration_seconds` | Histogram | Duration of HTTP requests in seconds         |
+
+### Default Node.js Metrics
+
+The endpoint also exposes default Node.js runtime metrics including:
+
+- `nodejs_heap_size_total_bytes` - Process heap size
+- `nodejs_heap_size_used_bytes` - Process heap size used
+- `nodejs_external_memory_bytes` - Node.js external memory
+- `nodejs_eventloop_lag_seconds` - Event loop lag
+- `nodejs_active_handles_total` - Number of active handles
+- `nodejs_active_requests_total` - Number of active requests
+- `process_cpu_user_seconds_total` - User CPU time spent
+- `process_cpu_system_seconds_total` - System CPU time spent
+- `process_start_time_seconds` - Process start time
+- `process_resident_memory_bytes` - Resident memory size
+
+## Prometheus Configuration
+
+Add the following job to your `prometheus.yml`:
+
+```yaml
+scrape_configs:
+    - job_name: 'hemmelig'
+      scrape_interval: 30s
+      static_configs:
+          - targets: ['your-instance.com']
+      metrics_path: '/api/metrics'
+      scheme: https
+      # If using authentication:
+      authorization:
+          type: Bearer
+          credentials: 'YOUR_METRICS_SECRET'
+```
+
+## Grafana Dashboard
+
+You can create a Grafana dashboard to visualize these metrics. Here's an example panel query for active secrets:
+
+```promql
+hemmelig_secrets_active_count
+```
+
+## Security Considerations
+
+- Always use a strong, randomly generated secret for the metrics endpoint in production
+- Consider using network-level restrictions (firewall, VPN) to limit access to the metrics endpoint
+- The metrics endpoint does not expose any sensitive data (secret contents, user data, etc.)