What services does SKYLINE provide?

We provide specialized divisions including: Data Centre Design & Build (Tier III/IV), Cybersecurity SOC/NOC Operations, SCADA & Automation, Fire Safety, Construction, HVAC, AI Solutions, Server Infrastructure with HPE & Dell, and Software Development.

Does SKYLINE design and build data centres?

Yes, we specialize in Tier III and Tier IV data centre design and construction including electrical infrastructure, precision cooling, raised flooring, fire suppression, and Schneider Electric UPS systems. All our projects are SACS-002 compliant and trusted by major clients like Saudi Aramco and SABIC.

Where is SKYLINE located?

Our headquarters is in Dammam, Eastern Province, Saudi Arabia. We serve all regions of Saudi Arabia and GCC countries including Riyadh, Jeddah, Khobar, Dhahran, and Jubail.

What compliance certifications does SKYLINE hold?

We comply with NCA-ECC (Essential Cybersecurity Controls), SACS-002 (Saudi Communications Standards for Data Centres), ISO 27001 (Information Security Management), and SAMA Cybersecurity Framework.

What experience does SKYLINE have in the Saudi market?

SKYLINE was founded in 2019 with 6+ years of experience, has completed 15+ mega projects including the FIFA Club World Cup, and serves 200+ clients including Saudi Aramco, SABIC, Maaden, and STC.

SKYLINE Industrial & IT Solutions

A field-tested, step-by-step guide. How to Install Nginx on Debian 12 — prerequisites, the actual commands, verification, and links to related Debian topics.

SKYLINE Engineering @skyline

Published: Apr 8, 2026
Last updated: May 28, 2026
Reading time: 3 min

Nginx is the default reverse proxy / static-file server on most modern Linux stacks. This guide installs the upstream Nginx package on Debian 12 (not the older one in the distro repo), serves a basic site, terminates TLS with Let's Encrypt, and adds two of the headers every public site should send.

Prerequisites

Debian 12 with sudo.
A DNS A/AAAA record pointing at the server.
Outbound TCP/443 + 80 reachable for ACME HTTP-01 challenges.

Step 1: Add the upstream Nginx repo

sudo apt update
sudo apt install -y curl gnupg2 ca-certificates lsb-release debian-archive-keyring

curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
  | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian $(lsb_release -cs) nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list

sudo apt update
sudo apt install -y nginx
sudo systemctl enable --now nginx

Step 2: Open the firewall

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw status

Step 3: Serve a static site

sudo mkdir -p /var/www/example.sa
echo '<h1>Hello from SKYLINE</h1>' | sudo tee /var/www/example.sa/index.html
sudo chown -R www-data:www-data /var/www/example.sa

Drop /etc/nginx/conf.d/example.sa.conf:

server {
    listen 80;
    listen [::]:80;
    server_name example.sa www.example.sa;

    root  /var/www/example.sa;
    index index.html;

    access_log /var/log/nginx/example.sa.access.log;
    error_log  /var/log/nginx/example.sa.error.log;

    location / {
        try_files $uri $uri/ =404;
    }
}

Test syntax and reload:

sudo nginx -t && sudo systemctl reload nginx
curl -fI http://example.sa/

Step 4: TLS with Let's Encrypt

sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d example.sa -d www.example.sa \
  --agree-tos --redirect -m ops@example.sa --no-eff-email

Certbot writes the cert paths, adds the redirect block, and installs a systemd renewal timer:

sudo systemctl list-timers certbot.timer
sudo certbot renew --dry-run

Step 5: Add the basic security headers

Drop /etc/nginx/conf.d/headers.conf:

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header X-Content-Type-Options    "nosniff" always;
add_header Referrer-Policy           "strict-origin-when-cross-origin" always;
add_header X-Frame-Options           "SAMEORIGIN" always;

Reload Nginx, then verify with curl -I https://example.sa/.

Step 6: A simple reverse-proxy block

To put Nginx in front of an app on 127.0.0.1:3000 (Node, Python, anything):

location / {
    proxy_pass         http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header   Host              $host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_read_timeout 60s;
}

Verify

sudo nginx -t
curl -fI https://example.sa/
curl -s -o /dev/null -w "%{http_code}\n" https://example.sa/missing  # expect 404

Conclusion

Upstream Nginx + Certbot is the easiest path to a reliable HTTPS-by-default server on Debian. Keep your site configs in /etc/nginx/conf.d/*.conf (or git) and you have everything you need.

Next steps

Add a cron job to back up /etc/nginx daily.
Tighten the host with unattended security upgrades.
For Docker-based services, see Docker + Compose (same on Debian).

SKYLINE Engineering

@skyline

The engineering team at SKYLINE Industrial Solutions. We publish field-tested guides drawn from real KSA and GCC deployments.

See author profile

SKYLINE engineering services

Need this implemented for you?

Reading is free — building it right takes a team. SKYLINE engineers ship Debian for Aramco vendors, banks, hospitals and government agencies across Saudi Arabia. Talk to us before you start.

Server Infrastructure Dell, HPE, Huawei, VMware, Hyper-V, HCI IT AMC Annual maintenance, 24/7 SLA, Bronze→Platinum

Talk to a SKYLINE engineer WhatsApp · +966 50 993 9334 Call +966 50 993 9334

Aramco Approved Contractor ISO 9001 · ISO 27001 SAMA CSF aligned NCA ECC ready 247+ KSA clients

Comments

0 total · 0 threads

Be the first to leave a comment.