2.4 KiB
running ib gateway in docker
We have a config based on a well maintained community image from `@gnzsnz`:
https://github.com/gnzsnz/ib-gateway-docker
To startup this image simply run the command:
docker compose up(For further usage^ see the official docker-compose docs)
And you should have the following socket-available services by default:
x11vnc1 @ 127.0.0.1:5900ib-gw @ 127.0.0.1:4002
You can now attach to the container via a VNC client with password-auth; here is an example using vncclient on linux:
vncviewer localhost:5900now enter the pw you set via an (see second code blob) .env file or pw-file according to the credentials section.
If you want to change away from their default config see the example docker-compose.yml-config issue and config-section of the readme,
IF you also want to run TWS
You can also run it containerized,
https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#using-tws
SECURITY stuff (advanced, only if you're paranoid)
First and foremost if doing a "distributed" container setup where you run the ib-gw docker container and your connecting API client (likely ib_async from python) on different hosts be sure to read the security considerations section!
And for a further (somewhat paranoid) perspective from a long-time-ago serious devops eng..
Though "ib" claims they filter remote host connections outside localhost (aka 127.0.0.1 on ipv4) it's prolly justified if you'd like to filter the socket at the OS level using a stateless firewall rule:
ip rule add not unicast iif lo to 0.0.0.0/0 dport 4002We will soon have this either baked into our own custom derivative image (or patched into the current upstream one after further testin) but for now you'll have to do it urself, diggity dawg.