I see your point there. Thank you for the link. It made me wondering why "SSLPassPhraseDialog" from Apache was not as well added on Nginx.
Indeed, I am looking for a solution that wouldn't decrease the global security of my system. I can not consider leaving the password of a PEM key in cleartext like "ssl_password_file" solution proposed by Nginx, nor to remove the password of the key cert file for obvious and same reasons.
What solution do I have then, solution that would be clean enough in terms of security, and to ensure that next nginx updates won't cause problems?
Richard Stanway Wrote:
-------------------------------------------------------
> Running nginx directly works fine because nginx can see and use your
> terminal. (Re)starting nginx through systemd does not, because systemd
> doesn't provide a terminal (nor would your input reach it).
>
> See https://trac.nginx.org/nginx/ticket/433
>