pikers
/
piker
4
1
Fork 0
Code Issues 10 Pull Requests 14 Packages Projects Releases Wiki Activity
piker/dockering/ib
History
Tyler Goodlet 3751140fca ib: bump `docker/ib/README.rst` 
For the new github image, a high-level look at its basic
features/usage/docs and prosing around our expected default usage with
the `piker.brokers.ib` backend.
 		2025-10-02 22:12:56 -04:00
..
README.rst ib: bump `docker/ib/README.rst` 2025-10-02 22:12:56 -04:00
docker-compose.yml Use new container image mentioned on IBC thread 2023-10-29 13:21:32 -04:00
fork_ports_delayed.sh Add working, template docker setup for `ib-gw` 2022-05-21 14:22:11 -04:00
ibc.ini ib: update ibc.ini from latest upstream template 2023-12-05 16:57:38 -05:00
jts.ini Flip tz to NY, add note about .env file 2022-05-24 09:29:35 -04:00
jts_live.ini Spawn a live account gateway alongside paper 2022-08-31 17:22:15 -04:00
run_x11_vnc.sh I guess go back to doing vnc servers on both? 2022-08-31 17:22:15 -04:00

README.rst

running ib gateway in docker

We have a config based on a well maintained community image from `@gnzsnz`:

https://github.com/gnzsnz/ib-gateway-docker

To startup this image simply run the command:

docker compose up

(For further usage^ see the official docker-compose docs)

And you should have the following socket-available services by default:

  • x11vnc1 @ 127.0.0.1:5900
  • ib-gw @ 127.0.0.1:4002

You can now attach to the container via a VNC client with password-auth; here is an example using vncclient on linux:

vncviewer localhost:5900

now enter the pw you set via an (see second code blob) .env file or pw-file according to the credentials section.

If you want to change away from their default config see the example docker-compose.yml-config issue and config-section of the readme,

IF you also want to run TWS

You can also run it containerized,

https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#using-tws

SECURITY stuff (advanced, only if you're paranoid)

First and foremost if doing a "distributed" container setup where you run the ib-gw docker container and your connecting API client (likely ib_async from python) on different hosts be sure to read the security considerations section!

And for a further (somewhat paranoid) perspective from a long-time-ago serious devops eng..

Though "ib" claims they filter remote host connections outside localhost (aka 127.0.0.1 on ipv4) it's prolly justified if you'd like to filter the socket at the OS level using a stateless firewall rule:

ip rule add not unicast iif lo to 0.0.0.0/0 dport 4002

We will soon have this either baked into our own custom derivative image (or patched into the current upstream one after further testin) but for now you'll have to do it urself, diggity dawg.