DevOps Engineer · Yogyakarta, Indonesia · GMT+7

Leo Dandy

Production infrastructure that stays up. Ten years building systems across WordPress, Symfony, Laravel, and Firebase stacks.

10+
Years Linux
300+
Production Systems
99.7%
Uptime Maintained
7
Case Studies
Get in touch → View work
Core Stack
Nginx Terraform AWS GitHub Actions Firebase Docker PostgreSQL Redis Linux WordPress Symfony Prometheus
About

Infrastructure built to last.

I build and maintain production infrastructure across WordPress, Symfony, Laravel, and Firebase stacks. Ten years of server administration, automation, and the kind of debugging sessions where you learn why documentation matters. Based in Indonesia, working with teams across APAC and Europe.

Every system I ship comes with a runbook. Every incident leaves a post-mortem. The work isn't done until the next person can pick it up without asking me.

Selected Work

Seven production case studies.

01 · Infrastructure · Production

Multi-Domain Infrastructure Consolidation

Migrated a dental industry platform from eight scattered legacy domains onto a single consolidated structure. The project covered WordPress Multisite configuration across three canonical sites, fifteen-plus SSL certificates via Let's Encrypt, path-preserving 301 redirects, and hash-based SPA redirect handlers written in static HTML because hash fragments never reach the server.

Server hardening covered SSH key-only access on a non-standard port, UFW, Fail2ban, unattended security upgrades, MariaDB socket authentication, and rate-limited Nginx blocks for login and AJAX endpoints.

Zero downtime during migration. Automated deploy pipeline through GitHub Actions replaced manual SFTP. Full runbook delivered alongside the infrastructure.
Nginx PHP-FPM 8.4 MariaDB Let's Encrypt GitHub Actions WordPress Multisite Ubuntu Server
02 · Platform · Offline-First System

Restaurant Management Platform — Multi-Tenant PWA

Offline-capable restaurant operations system serving multiple merchants with three distinct interfaces: admin dashboard, handheld POS, and customer QR ordering. A single Firebase Hosting deployment serves three custom domains through runtime hostname detection and route filtering.

The offline layer runs on Raspberry Pi using SurrealDB, keeping service available when the internet goes down. Role-based access control through Firebase custom claims covers five roles across platform and merchant scope. A production-to-staging migration tooling was built for safe testing with real client data, excluding user and session collections by design.

Three production environments with automated deployment workflows. Documented migration procedures replicated by the team without my involvement.
Firebase Firestore SurrealDB Fastify React TypeScript pnpm Workspaces Raspberry Pi
03 · Infrastructure as Code · AWS

Symfony Application — Three-Environment AWS Architecture

Production Symfony cohort-based learning platform with dev, staging, and production environments. Production runs dual instances behind an Application Load Balancer with shared Redis session storage, RDS PostgreSQL, and S3-backed file storage. The entire stack was provisioned through Terraform.

Cross-VPC networking took an eight-hour troubleshooting session covering security groups, route tables, peering non-transitivity, and NAT gateway limitations. The working solution — RDS in public subnets with strict security group restrictions — went against the standard playbook but was the right call for the constraints. GitHub webhooks drive deployment to all three environments.

Runbook delivered with architecture diagrams and command reference. Deployment time dropped from the initial eight-hour session to roughly one hour for subsequent environments.
Terraform AWS Lightsail RDS PostgreSQL ALB Redis Symfony 7 Nginx GitHub Actions
04 · Reliability · Observability

Production Monitoring Rollout

Building out Prometheus and Grafana for the Symfony platform — SLIs mapped to user-facing outcomes rather than raw HTTP codes, SLOs with error budgets, and the four golden signals applied to each service. node_exporter and Prometheus run as systemd services on Ubuntu.

First observability stack for the platform. The framework carries across every future service the team deploys.
Prometheus node_exporter Grafana systemd Ubuntu Server
05 · Automation · CI/CD

Deployment Pipelines Across 300+ Production Systems

GitHub Actions and GitLab CI/CD workflows covering WordPress, Laravel, Symfony, React, and Next.js applications. Build stages run on GitHub runners, rsync deployment uses SSH deploy keys with restricted scopes, and post-deploy hooks handle cache invalidation and health verification.

A reusable WordPress workflow was extracted into its own repository and adopted across client projects. Email notifications on every deploy provide a paper trail with commit diffs, author attribution, and direct links to the commit or pull request.

Deployment errors reduced by roughly 90%, manual deployment work reduced by 60%. 99.7% uptime maintained across the managed fleet.
GitHub Actions GitLab CI/CD rsync SSH Key Management Node.js Shell Scripting
06 · Incident Response · Recovery

Compromised WordPress Recovery — Four-Hour Window

Client's WordPress site was compromised hours before a campaign launch. Malicious code was scattered across the filesystem, the database contained injected content, and the original backup was also affected.

Clean recovery required sanitising the database, rebuilding affected files from a known-good source, rotating all credentials, hardening wp-admin access, and installing an automated backup system before the site went back online.

Site restored with thirty minutes to spare. Campaign launched on schedule. Client still refers new work years later.
WordPress MySQL Linux Forensics Security Hardening Automated Backups
07 · Performance · E-Commerce

WooCommerce Performance Recovery

Page load times at 8+ seconds, conversion rates declining, a database bloated to 400MB of transient data and orphaned revisions. The fix covered database cleanup, image optimisation (8.2MB to 1.4MB assets), strategic Redis caching, CDN integration, and Nginx FastCGI tuning specifically for the theme's response size.

Load time down to 2.1 seconds. Client reported a 35% increase in conversions. The approach became standard preventive maintenance across their other sites.
WordPress WooCommerce MySQL Optimisation Redis Nginx CDN
Capabilities

What I bring to a team.

Infrastructure as Code
  • Production Terraform deployments
  • Multi-environment strategies
  • State management
  • Reusable module design
AWS
  • VPC architecture and troubleshooting
  • Lightsail, RDS, ALB, S3, EC2
  • Security groups and networking
  • Cross-account connectivity
CI/CD Automation
  • GitHub Actions (production scale)
  • GitLab CI/CD pipelines
  • rsync and SSH deploy patterns
  • Zero-downtime deployments
Application Platforms
  • LEMP and LAMP stacks
  • WordPress, Laravel, Symfony
  • Fastify, React, Next.js
  • Firebase multi-tenant systems
Data Layer
  • PostgreSQL and MySQL tuning
  • Redis for caching and sessions
  • Firestore schema design
  • Production data migrations
Reliability Engineering
  • 99.7% uptime maintained
  • Sub-15-minute incident response
  • Prometheus and Grafana monitoring
  • SLI/SLO frameworks
Server Administration
  • Linux administration (10 years)
  • Nginx and Apache configuration
  • SSL, DNS, and email delivery
  • Security hardening and Fail2ban
Containers
  • Docker and Docker Compose
  • Multi-stage builds
  • Image optimisation
  • Kubernetes fundamentals
Approach

How I work.

01
Systematic over clever.
Methodical debugging beats lucky guesses. When a VPC issue took eight hours to resolve, every hypothesis was tested, every result written down, and the root cause documented so the team wouldn't repeat it.
02
Documentation is a deliverable.
Every production system I touch leaves a runbook behind. Architecture diagrams, command references, troubleshooting paths, migration procedures. The work isn't finished until the next person can pick it up.
03
Automate what repeats.
Manual deployment is a liability. If a task happens more than twice, it goes into a script, a workflow, or a Terraform module.
04
Production-grade from day one.
Security groups, backups, monitoring, and access control get configured at setup time, not retrofitted later when something breaks.
05
Cost-conscious by default.
Right-sized instances, sensible retention policies, and infrastructure that matches actual load rather than imagined scale.
Get in touch

Open to remote DevOps
and SRE roles.

Teams that value systematic problem-solving, production reliability, and the discipline of writing things down. Best timezone fit: APAC and Europe.

hello@leo-rio.com