Infinispan on Amazon AWS Beanstalk (should work with vanilla EC2 and ECS)
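# .ebextensions config: installs a post-deploy hook (run after both app deploys
# and config deploys) that re-points the host's DNAT rules for the JGroups
# cluster ports at the container that was just started.  Without it the rules
# would keep pointing at the IP of the previous container.
files:
  /opt/elasticbeanstalk/hooks/appdeploy/post/10_docker_nat.sh:
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      # Forward the JGroups TCP transport port (7600) and FD_SOCK port (7699)
      # arriving at the host to the freshly deployed application container.
      set -u # Fail on unset variables
      set -e # Fail if any command fails
      set -o pipefail # ...including a failure in any stage of a pipeline, not only the last
      PATH="$PATH:/sbin:/usr/bin"
      # Locate new container: the file named by app_deploy_file holds the
      # container id/name that EB just started (consumed by docker inspect below).
      EB_DOCKER_INSTANCE=$(/opt/elasticbeanstalk/bin/get-config container | jq -r '.app_deploy_file' | xargs cat)
      EB_CONFIG_UPSTREAM_IP=$(docker inspect "${EB_DOCKER_INSTANCE}" | jq -r '.[0].NetworkSettings.IPAddress')
      # An empty or "null" address (container not running, or attached to a
      # non-default network) would otherwise yield a DNAT target of ":7600";
      # refuse to rewrite the rules in that case.
      if [ -z "${EB_CONFIG_UPSTREAM_IP}" ] || [ "${EB_CONFIG_UPSTREAM_IP}" = "null" ]; then
        echo "Unable to determine the IP address of container ${EB_DOCKER_INSTANCE}" >&2
        exit 1
      fi
      echo "Setting upstream to: ${EB_CONFIG_UPSTREAM_IP} for ${EB_DOCKER_INSTANCE}"
      # Flush DOCKER rules.  NOTE: this empties the whole nat DOCKER chain, which
      # also removes the published-port rules of any other container on this
      # host -- fine for EB's single-container platform, not for a shared host.
      iptables -t nat --flush DOCKER
      # Only these two ports are forwarded.  They carry unauthenticated cluster
      # traffic, so reachability must be limited to cluster members at the
      # security-group level; the rules below do not restrict the source.
      iptables -t nat -A DOCKER -p tcp --dport 7600 -j DNAT --to-destination "${EB_CONFIG_UPSTREAM_IP}:7600"
      iptables -t nat -A DOCKER -p tcp --dport 7699 -j DNAT --to-destination "${EB_CONFIG_UPSTREAM_IP}:7699"
      iptables -L -n -t nat
  /opt/elasticbeanstalk/hooks/configdeploy/post/10_docker_nat.sh:
    mode: "000755"
    owner: root
    group: root
    content: |
      #!/bin/bash
      # Forward the JGroups TCP transport port (7600) and FD_SOCK port (7699)
      # arriving at the host to the freshly deployed application container.
      set -u # Fail on unset variables
      set -e # Fail if any command fails
      set -o pipefail # ...including a failure in any stage of a pipeline, not only the last
      PATH="$PATH:/sbin:/usr/bin"
      # Locate new container: the file named by app_deploy_file holds the
      # container id/name that EB just started (consumed by docker inspect below).
      EB_DOCKER_INSTANCE=$(/opt/elasticbeanstalk/bin/get-config container | jq -r '.app_deploy_file' | xargs cat)
      EB_CONFIG_UPSTREAM_IP=$(docker inspect "${EB_DOCKER_INSTANCE}" | jq -r '.[0].NetworkSettings.IPAddress')
      # An empty or "null" address (container not running, or attached to a
      # non-default network) would otherwise yield a DNAT target of ":7600";
      # refuse to rewrite the rules in that case.
      if [ -z "${EB_CONFIG_UPSTREAM_IP}" ] || [ "${EB_CONFIG_UPSTREAM_IP}" = "null" ]; then
        echo "Unable to determine the IP address of container ${EB_DOCKER_INSTANCE}" >&2
        exit 1
      fi
      echo "Setting upstream to: ${EB_CONFIG_UPSTREAM_IP} for ${EB_DOCKER_INSTANCE}"
      # Flush DOCKER rules.  NOTE: this empties the whole nat DOCKER chain, which
      # also removes the published-port rules of any other container on this
      # host -- fine for EB's single-container platform, not for a shared host.
      iptables -t nat --flush DOCKER
      # Only these two ports are forwarded.  They carry unauthenticated cluster
      # traffic, so reachability must be limited to cluster members at the
      # security-group level; the rules below do not restrict the source.
      iptables -t nat -A DOCKER -p tcp --dport 7600 -j DNAT --to-destination "${EB_CONFIG_UPSTREAM_IP}:7600"
      iptables -t nat -A DOCKER -p tcp --dport 7699 -j DNAT --to-destination "${EB_CONFIG_UPSTREAM_IP}:7699"
      iptables -L -n -t nat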
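<?xml version="1.0" encoding="UTF-8"?>
<!--
  Rewrites a WildFly/Keycloak standalone configuration for a NATed multi-node
  deployment:
    * the "infinispan/Keycloak" cache container is replaced by one that has a
      transport and distributed/replicated caches, so session and
      invalidation state is shared between nodes;
    * the JGroups subsystem is replaced by a TCP stack that discovers peers
      through a shared database table (JDBC_PING) and advertises the host
      address supplied in the jgroups.external.addr system property.
  Every other node and attribute is copied through unchanged by the identity
  template at the bottom.
-->
<xsl:stylesheet version="2.0"
                xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
                xmlns:ispn="urn:jboss:domain:infinispan:4.0"
                xmlns:jgroups="urn:jboss:domain:jgroups:4.0"
                exclude-result-prefixes="ispn jgroups">
  <xsl:output method="xml" indent="yes"/>

  <!-- Clustered Keycloak cache container.
       The literal result element carries xmlns="urn:jboss:domain:infinispan:4.0"
       so that it ends up in the same namespace as the surrounding <subsystem>.
       Without it the stylesheet has no default namespace and the element is
       emitted as <cache-container xmlns="">, which the server's parser rejects. -->
  <xsl:template match="ispn:subsystem/ispn:cache-container[@jndi-name='infinispan/Keycloak']">
    <cache-container xmlns="urn:jboss:domain:infinispan:4.0" name="keycloak" jndi-name="infinispan/Keycloak">
      <transport lock-timeout="60000"/>
      <invalidation-cache name="realms" mode="SYNC"/>
      <invalidation-cache name="users" mode="SYNC"/>
      <distributed-cache name="sessions" mode="SYNC" owners="2"/>
      <distributed-cache name="offlineSessions" mode="SYNC" owners="2"/>
      <distributed-cache name="loginFailures" mode="SYNC" owners="2"/>
      <replicated-cache name="work" mode="SYNC"/>
      <local-cache name="realmVersions">
        <transaction mode="BATCH" locking="PESSIMISTIC"/>
      </local-cache>
    </cache-container>
  </xsl:template>

  <!-- TCP-only JGroups stack for an environment without multicast.
       NOTE: the stack contains no AUTH or encryption protocol, so cluster
       membership and traffic on 7600/7699 are unauthenticated; network access
       to those ports must be restricted to cluster members (security group). -->
  <xsl:template match="jgroups:subsystem">
    <subsystem xmlns="urn:jboss:domain:jgroups:4.0">
      <channels default="ee">
        <channel name="ee" stack="tcp"/>
      </channels>
      <stacks default="tcp">
        <stack name="tcp">
          <transport type="TCP">
            <!-- bind_port must match the port the host DNATs to the container.
                 bind_addr is the literal value GLOBAL here; the property is not
                 read from a system property. -->
            <property name="bind_port">${jgroups.bind.port:7600}</property>
            <property name="bind_addr">GLOBAL</property>
            <!-- Address other members use to reach this node (the host/NAT
                 address, not the container's private IP). -->
            <property name="external_addr">${jgroups.external.addr}</property>
          </transport>
          <!-- Peer discovery via a shared table in the Keycloak datasource.
               The DDL below is MySQL-specific (ON UPDATE CURRENT_TIMESTAMP,
               ENGINE=InnoDB) and must be adapted for other databases. -->
          <protocol type="JDBC_PING">
            <property name="datasource_jndi_name">java:jboss/datasources/KeycloakDS</property>
            <property name="initialize_sql">
CREATE TABLE IF NOT EXISTS JGROUPSPING (
  own_addr varchar(200) NOT NULL,
  cluster_name varchar(200) NOT NULL,
  updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
  ping_data varbinary(5000) DEFAULT NULL,
  PRIMARY KEY (own_addr, cluster_name))
ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
            </property>
          </protocol>
          <protocol type="MERGE3"/>
          <!-- Failure detection socket; start_port must match the second
               DNATed port, and external_addr is needed for the same NAT
               reason as on the transport. -->
          <protocol type="FD_SOCK">
            <property name="start_port">7699</property>
            <property name="external_addr">${jgroups.external.addr}</property>
          </protocol>
          <protocol type="FD"/>
          <protocol type="VERIFY_SUSPECT"/>
          <protocol type="pbcast.NAKACK2"/>
          <protocol type="UNICAST3"/>
          <protocol type="pbcast.STABLE"/>
          <protocol type="pbcast.GMS"/>
          <protocol type="MFC"/>
          <protocol type="FRAG2"/>
          <protocol type="RSVP"/>
        </stack>
      </stacks>
    </subsystem>
  </xsl:template>

  <!-- Identity transform: copy everything not matched above verbatim. -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>
</xsl:stylesheet>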
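#!/bin/bash
#
# Prepares Keycloak for a specific environment and execs the server.
#
# Resolves the host's private IPv4 address from the EC2 instance metadata
# service and hands it to JGroups as the advertised (external) address, so
# that peers reach this node through the host/NAT address rather than the
# container's own IP.  Any arguments are passed through to standalone.sh.
#
set -e # Fail if any command fails
export LANG=en_US.UTF-8

IMDS="http://169.254.169.254/latest"

# Prefer IMDSv2 (session token).  The token request can legitimately fail from
# inside a container when the instance's hop limit is 1, so fall back to the
# unauthenticated v1 call in that case rather than aborting.
IMDS_TOKEN=$(curl -sf --max-time 5 -X PUT "${IMDS}/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 60" || true)
if [ -n "${IMDS_TOKEN}" ]; then
  EXTERNAL_HOST_IP=$(curl -sf --max-time 5 -H "X-aws-ec2-metadata-token: ${IMDS_TOKEN}" "${IMDS}/meta-data/local-ipv4")
else
  # Amazon curl operation to get the machine's local IP addr (will be private interface)
  EXTERNAL_HOST_IP=$(curl -sf --max-time 5 "${IMDS}/meta-data/local-ipv4")
fi

# Starting with an empty external address would advertise ":port" to the
# cluster; fail loudly instead.
if [ -z "${EXTERNAL_HOST_IP}" ]; then
  echo "Unable to determine the local IPv4 address from instance metadata" >&2
  exit 1
fi

# -b 0.0.0.0 binds the public interface on every address inside the container;
# what is reachable from outside is decided by the host's port forwarding and
# the security group.  Caller arguments come last so they can override the
# defaults (the original passed "$@" twice, duplicating every argument).
exec ./bin/standalone.sh -b 0.0.0.0 -Djava.net.preferIPv4Stack=true -Djgroups.bind_addr=global "-Djgroups.external.addr=${EXTERNAL_HOST_IP}" "$@"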