Interactive Brokers Gateway Docker
Interactive Brokers Gateway running in Docker. Ships with VNC over ssh for debugging.
Running an environment for API access to Interactive Brokers is notoriously difficult. This docker image aims to make it possible to spin up an accessible IB API with a single docker command.
NOTICE
HEAD of this repo is in active development. At the moment, HEAD works great, but if you expose the VNC port it is unsecured. Exposing the VNC port is not needed, and discouraged. But it can be used for debugging purposes in a secure environment.
The last working commit with ssh protection of VNC was https://github.com/riazarbi/ib-headless/tree/4416746e31afe55443de672686991820b0ef9bc8 , but the user running everything is root.
Ports
These are the services that will run when you spin up this container.
- vnc runs on port 5900
Flags
USERNAME
: IB usernamePASSWORD
: IB passwordTRADINGMODE
: paper or live
You can either use the flags above to authenticate with IB, or you can mount in your own IBC config.ini
file (example here) at /root/ibc/config.ini
in the container. The flags will overwrite anything in that location so use either the flags or the mount, not both.
Intended Usage
Method 1: Expose the IB API but NOT ssh or VNC
docker run -it --rm --name broker -p 4003:4003 -e USERNAME=ibuser -e PASSWORD=ibpasswd -e TRADINGMODE=live riazarbi/ib-headless:latest
Method 2: Expose the VNC for interacting with gateway manually
!!IF YOU EXPOSE PORT 5900 ANYONE CAN ACCESS YOUR USER. ONLY EXPOSE PORT 5900 IF YOU ARE A SECURE ENVIRONMENT.!!
docker run -it --rm --name broker -p 5900:5900 -p 4003:4003 -e USERNAME=ibuser -e PASSWORD=ibpasswd -e TRADINGMODE=live riazarbi/ib-headless:latest
From your laptop:
# in another terminal window
vncviewer server-ip:5900
What runs in this container?
The base image is debian:buster
.
On top of that we install openbox
and tint2
.
We run tigervnc
on top of that.
We install IB gateway
stable version directly from Interactive Brokers' website.
We install ibc
from IBCAlpha to control gateway.
It is all run by unprivileged user broker
via supervisord
.