Backend & DevOps

The infrastructure that
holds it all together.

Robust APIs, optimized databases, secure servers, stress-free deployments. The invisible backbone that powers every project.

30+Projects deployed
99.9%Uptime guaranteed
50+APIs built
0Security flaws
Skills

Mastered tech stack

Every tool chosen for the right reason — performance, scalability, or delivery speed.

Runtime & Languages

Node.js92%

REST APIs, middleware, WebSockets, Express/Fastify

PHP88%

Pure backend, REST API, cPanel/Apache integration

TypeScript90%

Strict typing, generics, advanced interfaces

Python72%

Automation scripts, Flask API, data processing

Databases

MySQL / MariaDB90%

Complex schemas, indexing, optimized queries

Supabase / PostgreSQL85%

RLS, realtime, auth, storage, edge functions

Prisma ORM88%

Relations, migrations, typed query builder

MongoDB70%

Documents, aggregation, Atlas cloud

Infrastructure & DevOps

Docker82%

Containers, docker-compose, multi-services

Apache / Nginx88%

.htaccess, virtual hosts, proxy, rewrite rules

cPanel / VPS92%

Deployment, DNS, FTP, SSL certificates

Git & CI/CD85%

Git flow, GitHub Actions, auto deployment

Security & Auth

JWT / OAuth287%

Stateless auth, tokens, refresh, roles

HTTPS / SSL / TLS92%

Let's Encrypt certificates, HSTS, CORS

Firewall & WAF80%

iptables rules, fail2ban, DDoS protection

GDPR & CNDP85%

Law 09-08 compliance, T&C, privacy policy

What I build

Backend Services

01

REST API & GraphQL

Design and development of robust APIs, documented with Swagger. Versioning, rate limiting, pagination.

02

Database Architecture

Complex schema modeling, query optimization, indexing, relations, migrations.

03

Docker & Micro-services

Application containerization, multi-service orchestration, dev/prod environment isolation.

04

Auth & Security

Secure authentication systems — JWT, OAuth2, sessions, RBAC, 2FA, CSRF/XSS protection.

05

Transactional Emails

SMTP, Mailgun, SendGrid — HTML templates, triggered emails, bounce handling.

06

Online Payment

CMI, Stripe, PayPal integration. Webhooks, order confirmation, banking compliance.

07

Deployment & CI/CD

Automated deployment pipeline, rollback, zero-downtime, bash automation scripts.

08

Monitoring & Logs

Uptime monitoring, alerts, centralized logs, server performance dashboards.

09

Backups & Recovery

Daily/weekly auto backup strategy, fast restoration, failure resilience.

Server Setup

From zero to production in 5 steps

01

Provisioning

VPS/host choice, OS installation, secure SSH access, network and DNS configuration.

02

Stack Setup

Apache/Nginx, PHP/Node.js, MySQL, SSL Let's Encrypt installation, firewall configuration.

03

Deployment

File upload, DB migrations, environment variables, final consistency tests.

04

Hardening

Fail2ban, HSTS, security headers, WAF, vulnerability audit, backup policy.

05

Monitoring

Uptime Robot, email/SMS alerts, log rotation, Grafana dashboards if needed.

Backend Work

Projects in production

Event Platform

Full PHP API — online registration, secure payment, participant management, real-time admin dashboard.

PHP REST APIMySQLPayment GatewayCNDP ComplianceApachecPanel
100+Managed users
20+API endpoints
99.9%Uptime

Booking System

Full backend — Prisma ORM + Supabase, real-time availability, automated emails, admin dashboard.

Node.jsPrismaSupabasePostgreSQLViteAuth JWT
15+Units managed
500+API calls/day
95+PageSpeed

Sports App [Confidential]

Multi-service backend — Node.js API for team/match/standings management, PostgreSQL, OAuth2 auth, real-time push notifications.

Node.jsDockerPostgreSQLWebSocketREST APIOAuth2
5Micro-services
40+Endpoints
WSReal-time

Editorial Platform [Confidential]

Supabase backend — editor authentication, article/category/tag management, CDN image upload, granular RLS policies.

SupabasePostgreSQLRLSStorageEdge FunctionsAuth
50+Articles indexed
12RLS policies
WSRealtime
Code sample

Clean code,
maintainable and documented

api/users.tsTypeScript
// POST /api/users — Secure account creation
export async function createUser(req: Request, res: Response) {
  const { name, email, password, role = 'user' } = req.body;

  if (!name || !email || !password) {
    return res.status(400).json({ error: 'Required fields missing' });
  }

  try {
    const existing = await db.query(
      'SELECT id FROM users WHERE email = ? LIMIT 1',
      [email]
    );
    if (existing.length > 0) {
      return res.status(409).json({ error: 'Email already in use' });
    }

    const hash = await bcrypt.hash(password, 12);

    const result = await db.query(`
      INSERT INTO users (name, email, password_hash, role, created_at)
      VALUES (?, ?, ?, ?, NOW())
    `, [name, email, hash, role]);

    const token = jwt.sign(
      { id: result.insertId, email, role },
      process.env.JWT_SECRET!,
      { expiresIn: '7d' }
    );

    await mailer.send({ to: email, template: 'welcome', data: { name } });

    return res.status(201).json({ success: true, token });

  } catch (err) {
    console.error('[createUser]', err);
    return res.status(500).json({ error: 'Server error' });
  }
}

Need solid infrastructure?

Whether it's an API from scratch or an existing infrastructure overhaul, I handle the entire backend — from design to secure deployment.

AL.

© 2026 Aymane Limam — Full-Stack Developer & SEO Expert