72 lines
2.4 KiB
ReStructuredText
72 lines
2.4 KiB
ReStructuredText
running ``ib`` gateway in ``docker``
|
|
------------------------------------
|
|
We have a config based on a well maintained community
|
|
image from `@gnzsnz`:
|
|
|
|
https://github.com/gnzsnz/ib-gateway-docker
|
|
|
|
|
|
To startup this image simply run the command::
|
|
|
|
docker compose up
|
|
|
|
(For further usage^ see the official `docker-compose`_ docs)
|
|
|
|
|
|
And you should have the following socket-available services by
|
|
default:
|
|
|
|
- ``x11vnc1 @ 127.0.0.1:5900``
|
|
- ``ib-gw @ 127.0.0.1:4002``
|
|
|
|
You can now attach to the container via a VNC client with password-auth;
|
|
here is an example using ``vncclient`` on ``linux``::
|
|
|
|
vncviewer localhost:5900
|
|
|
|
|
|
now enter the pw you set via an (see second code blob) `.env file`_
|
|
or pw-file according to the `credentials section`_.
|
|
|
|
If you want to change away from their default config see the example
|
|
`docker-compose.yml`-config issue and config-section of the readme,
|
|
|
|
- https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#configuration
|
|
- https://github.com/gnzsnz/ib-gateway-docker/discussions/103
|
|
|
|
.. _.env file: https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#how-to-use-it
|
|
.. _docker-compose: https://docs.docker.com/compose/
|
|
.. _credentials section: https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#credentials
|
|
|
|
|
|
IF you also want to run ``TWS``
|
|
-------------------------------
|
|
You can also run it containerized,
|
|
|
|
https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#using-tws
|
|
|
|
|
|
SECURITY stuff (advanced, only if you're paranoid)
|
|
--------------------------------------------------
|
|
First and foremost if doing a "distributed" container setup where you
|
|
run the ``ib-gw`` docker container and your connecting API client
|
|
(likely ``ib_async`` from python) on **different hosts** be sure to
|
|
read the `security considerations`_ section!
|
|
|
|
And for a further (somewhat paranoid) perspective from
|
|
a long-time-ago serious devops eng..
|
|
|
|
Though "``ib``" claims they filter remote host connections outside
|
|
``localhost`` (aka ``127.0.0.1`` on ipv4) it's prolly justified if
|
|
you'd like to filter the socket at the *OS level* using a stateless
|
|
firewall rule::
|
|
|
|
ip rule add not unicast iif lo to 0.0.0.0/0 dport 4002
|
|
|
|
|
|
We will soon have this either baked into our own custom derivative
|
|
image (or patched into the current upstream one after further testin)
|
|
but for now you'll have to do it urself, diggity dawg.
|
|
|
|
.. _security considerations: https://github.com/gnzsnz/ib-gateway-docker?tab=readme-ov-file#security-considerations
|