running ``ib`` gateway in ``docker`` ------------------------------------ We have a config based on a well maintained community image from `@gnzsnz`: https://github.com/gnzsnz/ib-gateway-docker To startup this image simply run the command:: docker compose up (For further usage^ see the official `docker-compose`_ docs) And you should have the following socket-available services by default: - ``x11vnc1 @ 127.0.0.1:5900`` - ``ib-gw @ 127.0.0.1:4002`` You can now attach to the container via a VNC client with password-auth; here is an example using ``vncclient`` on ``linux``:: vncviewer localhost:5900 now enter the pw you set via an (see second code blob) `.env file`_ or pw-file according to the `credentials section`_. If you want to change away from their default config see the example `docker-compose.yml`-config issue and config-section of the readme, - https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#configuration - https://github.com/gnzsnz/ib-gateway-docker/discussions/103 .. _.env file: https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#how-to-use-it .. _docker-compose: https://docs.docker.com/compose/ .. _credentials section: https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#credentials IF you also want to run ``TWS`` ------------------------------- You can also run it containerized, https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#using-tws SECURITY stuff (advanced, only if you're paranoid) -------------------------------------------------- First and foremost if doing a "distributed" container setup where you run the ``ib-gw`` docker container and your connecting API client (likely ``ib_async`` from python) on **different hosts** be sure to read the `security considerations`_ section! And for a further (somewhat paranoid) perspective from a long-time-ago serious devops eng.. Though "``ib``" claims they filter remote host connections outside ``localhost`` (aka ``127.0.0.1`` on ipv4) it's prolly justified if you'd like to filter the socket at the *OS level* using a stateless firewall rule:: ip rule add not unicast iif lo to 0.0.0.0/0 dport 4002 We will soon have this either baked into our own custom derivative image (or patched into the current upstream one after further testin) but for now you'll have to do it urself, diggity dawg. .. _security considerations: https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#security-considerations