waytrade/ib-gateway
Interactive Brokers Gateway on Docker
4.1K
Github page: https://github.com/waytrade/ib-gateway-docker
The docker image version tag is similar to the IB Gateway version on the image.
Example: waytrade/ib-gateway:981 contains IB Gateway v981
See Supported tags
A docker image to run the Interactive Brokers Gateway Application without any human interaction on a docker container.
It includes:
Create a docker-compose.yml
(or include ib-gateway services on your
existing one)
version: "3.4"
services:
ib-gateway:
image: waytrade/ib-gateway:981.3j
restart: always
environment:
TWS_USERID: ${TWS_USERID}
TWS_PASSWORD: ${TWS_PASSWORD}
TRADING_MODE: ${TRADING_MODE:-live}
VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-}
ports:
- "127.0.0.1:4001:4001"
- "127.0.0.1:4002:4002"
- "127.0.0.1:5900:5900"
Create an .env on root directory or set the following environment variables:
Varabiel | Description | Default |
---|---|---|
TWS_USERID | The TWS user name. | |
TWS_PASSWORD | The TWS password. | |
TRADING_MODE | 'live' or 'paper' | paper |
VNC_SERVER_PASSWORD | VNC server password. If not defined, no VNC server will be started. | not defined (VNC disabled) |
Example .env file:
TWS_USERID=myTwsAccountName
TWS_PASSWORD=myTwsPassword
TRADING_MODE=paper
VNC_SERVER_PASSWORD=myVncPassword
Run:
$ docker-compose up
After image is downloaded, container is started + 30s, the following ports will be ready for usage on the container and docker host:
Port | Description |
---|---|
4001 | TWS API port for live accounts. |
4002 | TWS API port for paper accounts. |
5900 | When VNC_SERVER_PASSWORD was defined, the VNC server port. |
Note that with the above docker-compose.yml
, ports are only exposed to the
docker host (127.0.0.1), but not to the network of the host. To expose it to
the whole network change the port mappings on accordingly (remove the
'127.0.0.1:'). Attention: See Leaving localhost
The docker image version is similar to the IB Gateway version on the image.
See Supported tags
The image can be customized by overwiting the default configuration files with custom ones.
Apps and config file locations:
App | Folder | Config file | Default |
---|---|---|---|
IB Gateway | /root/Jts | /root/Jts/jts.ini | jts.ini |
IBC | /root/ibc | /root/ibc/config.ini | config.ini |
To start the IB Gateway run /root/scripts/run.sh
from your Dockerfile or
run-script.
The IB API protocol is based on an unencrypted, unauthenticated, raw TCP socket
connection between a client and the IB Gateway. If the port to IB API is open
to the network, every device on it (including potential rogue devices) can access
your IB account via the IB Gateway.
Because of this, the default docker-compose.yml
only exposes the IB API port
to the localhost on the docker host, but not to the whole network.
If you want to connect to IB Gateway from a remote device, consider adding an
additional layer of security (e.g. TLS/SSL or SSH tunnel) to protect the
'plain text' TCP sockets against unauthorized access or manipulation.
This image does not contain nor store any user credentials.
They are provided as environment variable during the container startup and
the host is responsible to properly protect it (e.g. use
Kubernetes Secrets
or similar).
docker pull waytrade/ib-gateway