Muhami

Sector: Legal services / Online directory

Stack: Django · HTMX · Tailwind · PostgreSQL · Celery · Memcached · Nginx · Cloudflare · Nuxt · Shadcn UI · Google Cloud Storage · DigitalOcean Spaces

Engagement length: Six months from kickoff to launch

What it proves: Disciplined Django web development, SEO-ready architecture, defensible security posture, and a foundation built to grow.

Muhami‘s foundation is deliberately extensible. Adding new geographies is a configuration exercise, not a rebuild. AI-assisted profile matching, automated enquiry routing, smarter article recommendations, and traffic-shaping for high-load events are all plug-in additions on the existing Django + Celery base. The partner portal can expand into billing, analytics, and lead management without disturbing the public site. The data model has clean seams for the next two years of product work.

Visit Website

Project Brief

Muhami needed a public-facing directory for the UAE legal industry: lawyers, law firms, in-house counsel, corporate legal teams, and adjacent professionals which is searchable across industries, practice areas, and service areas, with deep filtering, verified profiles, enquiry workflows, reviews, and a knowledge-base layer for legal articles. The site had to launch search-engine-ready from day one, behave as quickly as a single-page app, and support a separate workflow for partners managing their own listings, leads, and content.

Above all, it had to be defensible: technically, because legal data attracts scrutiny, and architecturally, because the platform needed room to grow into AI features, higher traffic tiers, and adjacent geographies.

We delivered in six months. Muhami is now one of the projects we point to when clients ask what engineering-led web development actually looks like.

Architecture: Django + HTMX for the public site, Nuxt for the partner portal for Muhami

Public Portal	The public directory runs on Django with Tailwind for styling and HTMX for interactivity. We deliberately rejected a full SPA framework for the public site. The reasons were search visibility, predictable rendering, and operational simplicity.
HTMX: The New Age SPA	HTMX gave us SPA-feel where it matters most — autocomplete in search, filter chip toggling, paginated list updates, modal flows, form submissions — without the hydration overhead of a JavaScript-first stack. Pages are server-rendered, fully crawlable, and ship a fraction of the JavaScript a typical Next.js or Nuxt site would. Time-to-interactive on the directory listing pages is under one second on mid-tier mobile devices.
Muhami Partners	The partner portal is a different problem. Partners log in, manage their own profiles, respond to enquiries, edit articles, and need a workspace that behaves like an application. For that we built a separate Nuxt frontend with Shadcn UI components, talking to Django over an authenticated API. The split lets each surface use the tool best fit for the job — server-rendered Django for the indexable, public, content-heavy directory; component-driven Nuxt for the stateful, authenticated workspace.
Backend Architecture	PostgreSQL backs the platform. Celery handles every job that has no business blocking a request — enquiry notifications, search-index refreshes, article moderation pipelines, review aggregation, scheduled exports. Nginx sits in front of the application as the reverse proxy, with Cloudflare in front of that handling DDoS mitigation, edge caching, bot management, and TLS termination. Memcached holds the expensive reads — filter aggregates, popular profile views, autocomplete indexes — keeping database load flat even as traffic spikes. Static and user-uploaded files split across Google Cloud Storage and DigitalOcean Spaces, fronted by signed URLs. The split gives us geographic redundancy and lets us route assets to the fastest path for each request.
Search and filtering	Most legal directories ship a search box and call it done. Muhami’s users — a corporate counsel looking for an Abu Dhabi lawyer specialising in cross-border M&A, for instance — need to combine industry, practice area, service area, location, language, firm size, and free-text keywords in a single fluent query. We built the filter system to be composable. Every facet can be applied, removed, and recombined without a page reload, with HTMX swapping result fragments while the URL updates to keep every search state shareable and bookmarkable. Autocomplete runs against a cached index served from Memcached, with PostgreSQL trigram and full-text search handling the long tail. The search layer understands aliases — “attorney” maps to “lawyer”, “M&A” to “mergers and acquisitions” — so users find what they mean rather than what they typed.
SEO and AI-search readiness from the foundation	Muhami was built to be discovered. Every profile, listing, article, and category page ships server-rendered HTML with full schema.org JSON-LD — `LegalService`, `Organization`, `Person`, `Article`, `BreadcrumbList`, `FAQPage`, and `AggregateRating` where reviews exist. Sitemaps regenerate on a Celery cadence. Canonicals are explicit. Internal linking follows a topical-cluster pattern so authority compounds toward the highest-intent pages. We also shipped an `llms.txt` and structured the page-level entity data to be cleanly parseable by ChatGPT, Gemini, Perplexity, and Google AI Overview. As answer engines start citing legal directories inside generated responses, Muhami is positioned to be one of the cited sources, not one of the overlooked ones.
Security posture — built in layers, not bolted on	Legal data attracts attackers. We hardened Muhami as a layered system rather than a single firewall.Cloudflare at the edge absorbs volumetric attacks, filters malicious bots, and shields the origin. Behind it, the application enforces strict security headers, a tight content-security policy, and modern cookie attributes. Every form is CSRF-protected. Inputs are validated at the framework boundary; outputs are escaped by template default; the ORM closes off the SQL-injection class of bugs by construction. Authenticated workflows operate on scoped session and token controls. Uploaded files are signed, scanned, and served from isolated storage so the application server never streams raw user content.We will not catalogue specific configurations here for obvious reasons. What we will say is that the platform clears external security-header audits, ships clean against the OWASP Top 10 categories, and has a documented incident-response runbook the operations team can execute under pressure.
Performance and the admin layer	PageSpeed Insights reports green Core Web Vitals across directory and profile pages — LCP under two seconds, CLS effectively zero, INP comfortably below threshold. Memcached, Cloudflare edge caching, and disciplined image handling — WebP, explicit dimensions, lazy loading — carry most of the work.The admin layer is where Muhami scales operationally. Site administrators moderate listings, submissions, articles, enquiries, and reported content from a single interface, with bulk actions, filtered queues, and audit trails on every change. Moderation at scale is what determines whether a directory stays trustworthy as it grows; we built for that from the first sprint, not as a retrofit.

What We Delivered

NullStack Technologies created a website that looks great, works well, and can be used on different devices. Six months from kickoff, Muhami launched as a fast, search-ready, secure legal directory built to grow — and it remains one of our flagship references for Django, full-stack web development, and SEO-ready engineering done the way it should be done.