nginx遇到需要配置带密码的SSL证书时，每次configtest/-t/reload/start/stop/restart时都会提示需要输入SSL Key的密码(提示信息：Enter PEM pass phrase)，如果SSl Key有多个，则需要多次输入，非常不方便；网络上常用的方法是通过openssl删除掉key的密码来处理，此处我们用另一种配置方法：ssl_password_file file;

ssl_password_file：指定存储key密码的文件路径，文件内每一行即为一个密码；这样可以避免在对nginx服务进行状态控制和语法检查时提示输入密码。若放在配置文件的http区域，即为全局密码配置，这适用于所有密码统一的情况；若放在server区域，即为每个server内单独指定的密码，这适用于密码不同的情况。

参考

配置参考

仅贴出server区域示例

server { listen 443; server_name server1.test.com; ssl on; ssl_certificate /etc/nginx/ssl/server1.crt; ssl_certificate_key /etc/nginx/ssl/server1.key; ssl_password_file /etc/nginx/ssl/server1.pw; access_log /var/log/nginx/server1_access.log; error_log /var/log/nginx/server1_error.log; index index.html; proxy_set_header X-Forwarded-Port 443; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_read_timeout 5m; proxy_send_timeout 5m; root /opt/html/server1; }}server { listen 443; server_name server2.test.com; ssl on; ssl_certificate /etc/nginx/ssl/server2.crt; ssl_certificate_key /etc/nginx/ssl/server2.key; ssl_password_file /etc/nginx/ssl/server2.pw; access_log /var/log/nginx/server2_access.log; error_log /var/log/nginx/server2_error.log; index index.html; proxy_set_header X-Forwarded-Port 443; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_read_timeout 5m; proxy_send_timeout 5m; root /opt/html/server2; }}

提示：ssl_password_file配置的文件必需存在，否则nginx会报错；若key没有密码，但是也配置了ssl_password_file的情况，不会影响nginx及此域名的访问，因为nginx会忽略此密码文件里的内容