feat: add metrics

Author: natesales

Diff for: README.md

@@ -15,6 +15,7 @@ A reverse proxy service that terminates TLS and exposes an AMD SEV-SNP attestati
 ```yaml
 domain: example.com                # Domain name for TLS certificate (leave empty to generate a self-signed certificate)
 upstream-port: 8080                # Required: upstream HTTP port
+metrics-port: 8081                 # Optional: Prometheus metrics port (disabled if empty)
 listen-port: 443                   # Port to listen on (default: 443)
 paths:                             # Optional: List of allowed paths (default: all)
   - /api/v1

Diff for: go.mod

@@ -6,27 +6,35 @@ require (
 	github.com/caddyserver/certmagic v0.21.7
 	github.com/creasty/defaults v1.8.0
 	github.com/google/go-sev-guest v0.12.1
+	github.com/prometheus/client_golang v1.15.1
 	github.com/sirupsen/logrus v1.9.1
 	github.com/tinfoilanalytics/verifier v0.0.9
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
 	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
+	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blocky/nitrite v0.0.1 // indirect
 	github.com/caddyserver/zerossl v0.1.3 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/go-configfs-tsm v0.2.2 // indirect
 	github.com/google/go-containerregistry v0.20.2 // indirect
 	github.com/google/logger v1.1.1 // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.9 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20240620165639-de9c06129bec // indirect
 	github.com/libdns/libdns v0.2.2 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mholt/acmez/v3 v3.0.1 // indirect
 	github.com/miekg/dns v1.1.62 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/prometheus/client_model v0.4.0 // indirect
+	github.com/prometheus/common v0.42.0 // indirect
+	github.com/prometheus/procfs v0.9.0 // indirect
 	github.com/rogpeppe/go-internal v1.13.1 // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/sigstore/sigstore v1.8.9 // indirect

Diff for: go.sum

@@ -24,6 +24,7 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
@@ -109,6 +110,7 @@ golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
 golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

Diff for: main.go

@@ -16,6 +16,8 @@ import (
 	"github.com/creasty/defaults"
 	"github.com/google/go-sev-guest/abi"
 	"github.com/google/go-sev-guest/client"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/time/rate"
 	"gopkg.in/yaml.v3"
@@ -28,6 +30,7 @@ var version = "dev"
 var config struct {
 	Domain       string   `yaml:"domain"`
 	ListenPort   int      `yaml:"listen-port" default:"443"`
+	MetricsPort  int      `yaml:"metrics-port"`
 	UpstreamPort int      `yaml:"upstream-port"`
 	Paths        []string `yaml:"paths"`
 	KeyServer    string   `yaml:"key-server"`
@@ -103,6 +106,16 @@ func main() {
 
 	mux := http.NewServeMux()
 
+	requestsMetric := prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Name: "sev_shim_proxy_requests_total",
+			Help: "Number of HTTP requests",
+		},
+		[]string{},
+	)
+	r := prometheus.NewRegistry()
+	r.MustRegister(requestsMetric)
+
 	// Request TLS certificate
 	var tlsConfig *tls.Config
 	if config.Domain != "" {
@@ -159,6 +172,8 @@ func main() {
 	}
 
 	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		requestsMetric.WithLabelValues().Inc()
+
 		auth := r.Header.Get("Authorization")
 
 		if config.KeyServer != "" {
@@ -230,6 +245,14 @@ func main() {
 		json.NewEncoder(w).Encode(att)
 	})
 
+	if config.MetricsPort > 0 {
+		log.Printf("Starting metrics server on port %d", config.MetricsPort)
+		go func() {
+			listenAddr := fmt.Sprintf(":%d", config.MetricsPort)
+			log.Fatal(http.ListenAndServe(listenAddr, promhttp.HandlerFor(r, promhttp.HandlerOpts{})))
+		}()
+	}
+
 	listenAddr := fmt.Sprintf(":%d", config.ListenPort)
 	httpServer := &http.Server{
 		Addr:      listenAddr,