Junior DevOps / System Engineer

I build small systems that behave like real platforms.

Linux, Docker, deployment automation, monitoring, and recovery are the core of my work. `shellr.net` is not a placeholder portfolio. It is the frontdoor of a running single-VM platform with live services, constrained resources, and operational decisions that can be explained.

4 vCPU / 8 GB Hetzner VM Docker Compose runtime Nginx + Let's Encrypt Prometheus / Grafana / Loki

Positioning

Focused on practical infrastructure work, not decorative tooling.

I am building toward DevOps and System Engineering roles with a clear bias toward runtime clarity, recoverability, and operational hygiene. I care about how systems are shipped, monitored, restored, and explained once they are live.

This platform is intentionally small. That is the point. On a single VM, trade-offs are visible: routing has to stay clean, log growth has to stay bounded, backups must be readable, and every extra moving part has to justify itself.

Linux administration and host hardening

Container delivery with Docker and Compose

Reverse proxying, TLS, and hostname routing

Health-gated deployment and rollback thinking

Featured Projects

Projects that expose real operational concerns.

core platform

Genesis platform

A small single-VM delivery platform with explicit routing, monitored services, bounded logs, documented recovery, and deployment automation built to stay understandable.

  • Docker Compose
  • Nginx
  • MariaDB
  • GitHub Actions
Read platform docs
live application

DMA statistics module

A legacy PHP application moved into a cleaner runtime model with its own subdomain, controlled database scope, container lifecycle, and operational checks.

  • PHP
  • MariaDB
  • Subdomain routing
  • Recovery path
Open DMA
reporting

AWStats, reporting, and automation

Traffic visibility, reporting workflows, and lightweight operational automation with a focus on maintainable output instead of oversized tooling.

  • AWStats
  • Scheduled jobs
  • Operational reporting
See project overview
migration

Web migration and hardening

Moving existing workloads onto a cleaner delivery baseline: SSH hardening, firewalling, TLS, health endpoints, and rollback-aware runtime changes.

  • Linux
  • UFW
  • Fail2ban
  • TLS
Open architecture
application layer

Inventory software

A lightweight PHP inventory application used as a controlled CRUD workload for containerization, MariaDB integration, health checks, and deployment tests.

  • PHP
  • MariaDB
  • CRUD
  • Health checks
Inspect implementation

Platform

Single-VM engineering with explicit boundaries.

Runtime topology host separation over platform sprawl
Internet
  |
Nginx + TLS
  |-- shellr.net         -> portfolio app
  |-- dma.shellr.net     -> DMA
  |-- grafana.shellr.net -> Grafana (restricted)
  |-- status.shellr.net  -> Uptime Kuma
  |
Docker networks
  |-- frontend
  |-- backend
  |-- monitoring

Ingress

One Nginx entrypoint handles host-based routing, HTTPS termination, redirects, and service separation across the public surface.

Runtime

Applications stay containerized and isolated by purpose: landing page, DMA, database, monitoring, and logging each keep their own runtime role.

Observability

Prometheus, Grafana, Uptime Kuma, Loki, and Promtail are sized for the host instead of trying to imitate a larger estate.

Recovery

Backups, restore scripts, and rollback-aware deploy logic matter as much as the initial deployment when the platform is meant to be credible.

Technologies & Working Style

Linux, containers, automation, and operational discipline.

Core stack

  • Linux administration and service hardening
  • Docker Engine and Docker Compose
  • Nginx, HTTPS, and subdomain routing
  • GitHub Actions with SSH deployment
  • Prometheus, Grafana, Uptime Kuma, Loki, Promtail

How I work

  • Prefer explicit boundaries over magic abstractions.
  • Keep the platform inspectable by one engineer on one VM.
  • Treat monitoring, logging, and backup as first-class work.
  • Document decisions so the system remains explainable later.

Next step

Want the technical view instead of the frontdoor?

The full platform documentation covers architecture, deployment flow, monitoring, logging, backup, routing, and lessons learned from running this stack on one constrained VM.