Run Sonatype Nexus on server over 8443 (HTTPS/TLS) with a self signed certificate. Intended to be run on an EC2 Instance behind an ALB with public certificate.

sonatype-nexus-self-sign-cert

sudo service nexus stop
cd /opt/efs/nexus/
sudo keytool -genkey -alias <external_domain> -keyalg RSA -dname 'CN=<external_domain>, OU=UK, O=UK, C=UK, ST=LONDON, L=WESTMINSTER' -storepass <password> -validity 365 -keystore keystore.jks -keypass <password> -deststoretype pkcs12
sudo chown -R nexus:nexus /opt/efs/nexus/keystore.jks

###   Change /opt/efs/sonatype-work/nexus3/etc/nexus.propertiess
sudo sed -i 's|# application-host=0.0.0.0|application-port-ssl:8443|g' /opt/efs/sonatype-work/nexus3/etc/nexus.properties
sudo sed -i 's|# nexus-args=$${jetty.etc}/jetty.xml,$${jetty.etc}/jetty-http.xml,$${jetty.etc}/jetty-requestlog.xml|nexus-args=$${jetty.etc}/jetty.xml,$${jetty.etc}/jetty-https.xml,$${jetty.etc}/jetty-requestlog.xml|g' /opt/efs/sonatype-work/nexus3/etc/nexus.properties
sudo sed -i 's|# application-port=8081|appliication-port=8443|g' /opt/efs/sonatype-work/nexus3/etc/nexus.properties

###   Change /opt/efs/nexus/etc/jetty/jetty-https.xml
sudo sed -i 's|<Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>|<Set name="KeyStorePath">/opt/efs/nexus/keystore.jks</Set>|g' /opt/efs/nexus/etc/jetty/jetty-https.xml
sudo sed -i 's|<Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>|<Set name="TrustStorePath">/opt/efs/nexus/keystore.jks</Set>|g' /opt/efs/nexus/etc/jetty/jetty-https.xml
sudo sed -i 's|password|<password>|g' /opt/efs/nexus/etc/jetty/jetty-https.xml

sudo service nexus start