waytrade/ib-gateway

By waytrade

Updated about 3 years ago

Interactive Brokers Gateway on Docker

Image
2

4.1K

Interactive Brokers Gateway Docker

Github page: https://github.com/waytrade/ib-gateway-docker

Tag names

The docker image version tag is similar to the IB Gateway version on the image.

Example: waytrade/ib-gateway:981 contains IB Gateway v981

See Supported tags

What is it?

A docker image to run the Interactive Brokers Gateway Application without any human interaction on a docker container.

It includes:

  • IB Gateway Application
  • IBC Application - to control the IB Gateway Application (simulates user input).
  • Xvfb - a X11 virtual framebuffer to run IB Gateway Application without graphics hardware.
  • x11vnc - a VNC server that allows to interact with the IB Gateway user interface (optional, for development / maintenance purpose).
  • socat a tool to accept TCP connection from non-localhost and relay it to IB Gateway from localhost (IB Gateway restricts connections to 127.0.0.1 by default).

How to use?

Create a docker-compose.yml (or include ib-gateway services on your existing one)

version: "3.4"

services:
  ib-gateway:
    image: waytrade/ib-gateway:981.3j
    restart: always
    environment:
      TWS_USERID: ${TWS_USERID}
      TWS_PASSWORD: ${TWS_PASSWORD}
      TRADING_MODE: ${TRADING_MODE:-live}
      VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-}
    ports:
      - "127.0.0.1:4001:4001"
      - "127.0.0.1:4002:4002"
      - "127.0.0.1:5900:5900"

Create an .env on root directory or set the following environment variables:

VarabielDescriptionDefault
TWS_USERIDThe TWS user name.
TWS_PASSWORDThe TWS password.
TRADING_MODE'live' or 'paper'paper
VNC_SERVER_PASSWORDVNC server password. If not defined, no VNC server will be started.not defined (VNC disabled)

Example .env file:

TWS_USERID=myTwsAccountName
TWS_PASSWORD=myTwsPassword
TRADING_MODE=paper
VNC_SERVER_PASSWORD=myVncPassword

Run:

$ docker-compose up

After image is downloaded, container is started + 30s, the following ports will be ready for usage on the container and docker host:

PortDescription
4001TWS API port for live accounts.
4002TWS API port for paper accounts.
5900When VNC_SERVER_PASSWORD was defined, the VNC server port.

Note that with the above docker-compose.yml, ports are only exposed to the docker host (127.0.0.1), but not to the network of the host. To expose it to the whole network change the port mappings on accordingly (remove the '127.0.0.1:'). Attention: See Leaving localhost

Versions and Tags

The docker image version is similar to the IB Gateway version on the image.

See Supported tags

Customizing the image

The image can be customized by overwiting the default configuration files with custom ones.

Apps and config file locations:

AppFolderConfig fileDefault
IB Gateway/root/Jts/root/Jts/jts.inijts.ini
IBC/root/ibc/root/ibc/config.iniconfig.ini

To start the IB Gateway run /root/scripts/run.sh from your Dockerfile or run-script.

Security Considerations

Leaving localhost

The IB API protocol is based on an unencrypted, unauthenticated, raw TCP socket connection between a client and the IB Gateway. If the port to IB API is open to the network, every device on it (including potential rogue devices) can access your IB account via the IB Gateway.
Because of this, the default docker-compose.yml only exposes the IB API port to the localhost on the docker host, but not to the whole network.
If you want to connect to IB Gateway from a remote device, consider adding an additional layer of security (e.g. TLS/SSL or SSH tunnel) to protect the 'plain text' TCP sockets against unauthorized access or manipulation.

Credentials

This image does not contain nor store any user credentials.
They are provided as environment variable during the container startup and the host is responsible to properly protect it (e.g. use Kubernetes Secrets or similar).

Docker Pull Command

docker pull waytrade/ib-gateway