### Custom start script for installing tools Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt A bash script to be placed in `init-scripts/start_scripts/` that runs before Xvfb starts. It installs additional packages required by the environment. ```bash #!/bin/bash # Runs before Xvfb starts — install extra packages, set up environment apt-get install -y --no-install-recommends some-tool ``` -------------------------------- ### Build and Run with Local Installer Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md After modifying the Dockerfile and placing the necessary installer files, use this command to build and run the Docker image. ```bash docker-compose up --build ``` -------------------------------- ### Install and Configure pre-commit Hooks Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/CONTRIBUTING.md Install pre-commit to ensure code adheres to project standards and set up the git hook scripts. ```bash pip install pre-commit pre-commit install ``` -------------------------------- ### Modify Dockerfile for Local Installer Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Replace the default download commands in the Dockerfile with the COPY command to use a local IB Gateway installer file. Ensure the filename matches the configured version. ```dockerfile RUN curl -sSL https://github.com/gnzsnz/ib-gateway-docker/raw/gh-pages/ibgateway-releases/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh \ --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh RUN curl -sSL https://github.com/gnzsnz/ib-gateway-docker/raw/gh-pages/ibgateway-releases/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 \ --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 ``` ```dockerfile COPY ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh ``` -------------------------------- ### Custom config.ini excerpt Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt An example excerpt of `config.ini` showing key settings that can be manually managed when `CUSTOM_CONFIG` is enabled. This file controls IBC behavior. ```ini # config.ini excerpt — key settings managed manually when CUSTOM_CONFIG=yes IbLoginId=myUsername IbPassword=myPassword TradingMode=live AcceptNonBrokerageAccountWarning=yes ExistingSessionDetectedAction=primary AutoRestartTime=11:59 PM ReadOnlyApi=no AcceptIncomingConnectionAction=accept AllowBlindTrading=no SaveTwsSettingsAt=08:00 12:30 17:30 ``` -------------------------------- ### Start IB Gateway Docker Container Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Command to launch the Docker Compose services defined in your docker-compose.yml file. Ensure both docker-compose.yml and .env are in the current directory. ```bash docker compose up ``` -------------------------------- ### Environment Variables for IB Gateway Docker Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Example .env file for configuring IB Gateway Docker container. Set your TWS credentials and other operational parameters here. Ensure this file is in the root directory. ```bash TWS_USERID=myTwsAccountName TWS_PASSWORD=myTwsPassword # see credentials section #TWS_PASSWORD_FILE #TWS_USERID_PAPER= #TWS_PASSWORD_PAPER= #TWS_PASSWORD_PAPER_FILE= # ib-gateway #TWS_SETTINGS_PATH=/home/ibgateway/Jts # tws #TWS_SETTINGS_PATH=/config/tws_settings TWS_SETTINGS_PATH= TWS_ACCEPT_INCOMING= TRADING_MODE=paper READ_ONLY_API=no VNC_SERVER_PASSWORD=myVncPassword TWOFA_TIMEOUT_ACTION=restart TWOFA_DEVICE= BYPASS_WARNING= AUTO_RESTART_TIME=11:59 PM AUTO_LOGOFF_TIME= TWS_COLD_RESTART= SAVE_TWS_SETTINGS= RELOGIN_AFTER_TWOFA_TIMEOUT=yes EXISTING_SESSION_DETECTED_ACTION=primary ALLOW_BLIND_TRADING=no TIME_ZONE=Europe/Zurich CUSTOM_CONFIG= SSH_TUNNEL= SSH_OPTIONS= SSH_ALIVE_INTERVAL= SSH_ALIVE_COUNT= SSH_PASSPHRASE= SSH_REMOTE_PORT= SSH_USER_TUNNEL= SSH_RESTART= SSH_VNC_PORT= #START_SCRIPTS=init-scripts/start_scripts #X_SCRIPTS=init-scripts/x_scripts #IBC_SCRIPTS=init-scripts/ibc_scripts ``` -------------------------------- ### Custom Startup Scripts Configuration Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Specifies environment variables to define paths for custom shell scripts that run at different stages of the IB Gateway container startup: before X starts (START_SCRIPTS), after X is up (X_SCRIPTS), and after IBC launches (IBC_SCRIPTS). ```bash # .env START_SCRIPTS=init-scripts/start_scripts # Relative to $HOME in container X_SCRIPTS=init-scripts/x_scripts IBC_SCRIPTS=init-scripts/ibc_scripts ``` -------------------------------- ### Docker Compose Configuration with Docker Secrets Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/README.md This docker-compose.yml example demonstrates how to use Docker secrets to securely manage sensitive credentials like TWS password, SSH passphrase, and VNC password. ```yaml name: algo-trader services: ib-gateway: ... environment: ... TWS_PASSWORD_FILE: /run/secrets/tws_password SSH_PASSPHRASE_FILE: /run/secrets/ssh_passphrase VNC_SERVER_PASSWORD_FILE: /run/secrets/vnc_password ... secrets: - tws_password - ssh_passphrase - vnc_password ... secrets: tws_password: file: tws_password.txt ssh_passphrase: file: ssh_password.txt vnc_password: file: vnc_password.txt ``` -------------------------------- ### Run IB Gateway with Docker Compose Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Configure and run IB Gateway in a Docker container using docker-compose.yml. This setup exposes API ports and optionally a VNC port for visual access. Ensure your .env file contains necessary credentials and settings. ```yaml # docker-compose.yml name: algo-trader services: ib-gateway: restart: always image: ghcr.io/gnzsnz/ib-gateway:stable environment: TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} TRADING_MODE: ${TRADING_MODE:-paper} VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-} TWOFA_TIMEOUT_ACTION: ${TWOFA_TIMEOUT_ACTION:-exit} AUTO_RESTART_TIME: ${AUTO_RESTART_TIME:-} RELOGIN_AFTER_TWOFA_TIMEOUT: ${RELOGIN_AFTER_TWOFA_TIMEOUT:-no} TIME_ZONE: ${TIME_ZONE:-Etc/UTC} ports: - "127.0.0.1:4001:4003" # live API port (socat forwards 4003→4001) - "127.0.0.1:4002:4004" # paper API port (socat forwards 4004→4002) - "127.0.0.1:5900:5900" # VNC (only active if VNC_SERVER_PASSWORD is set) ``` ```bash # .env file TWS_USERID=myIbkrUsername TWS_PASSWORD=myIbkrPassword TRADING_MODE=paper VNC_SERVER_PASSWORD=myVncPassword AUTO_RESTART_TIME=11:59 PM RELOGIN_AFTER_TWOFA_TIMEOUT=yes TIME_ZONE=America/New_York # Start the container docker compose up -d # Check logs docker compose logs -f ib-gateway # Connect an IB API client (e.g., ib_insync in Python) # from ib_insync import IB # ib = IB() # ib.connect('127.0.0.1', 4002, clientId=1) # paper port ``` -------------------------------- ### Docker Compose with Docker Secrets for Credentials Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Example docker-compose.yml demonstrating the use of Docker secrets to manage sensitive credentials like TWS password, SSH passphrase, and VNC password. Ensure the corresponding secret files exist. ```yaml name: algo-trader services: ib-gateway: ... environment: ... TWS_PASSWORD_FILE: /run/secrets/tws_password SSH_PASSPHRASE_FILE: /run/secrets/ssh_passphrase VNC_SERVER_PASSWORD_FILE: /run/secrets/vnc_password ... secrets: - tws_password - ssh_passphrase - vnc_password ... secrets: tws_password: file: tws_password.txt ssh_passphrase: file: ssh_password.txt vnc_password: file: vnc_password.txt ``` -------------------------------- ### socat forwarding and port reference Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Illustrates the port mapping for IB Gateway and TWS, showing how internal API ports are forwarded by socat to be accessible from the host. Includes example ports for live and paper trading. ```text IB Gateway (ib-gateway image): Internal API port → socat published port → docker-compose host mapping 127.0.0.1:4001 → 0.0.0.0:4003 → 127.0.0.1:4001 (live) 127.0.0.1:4002 → 0.0.0.0:4004 → 127.0.0.1:4002 (paper) VNC:5900 → (direct) → 127.0.0.1:5900 TWS (tws-rdesktop image): 127.0.0.1:7496 → 0.0.0.0:7498 → 127.0.0.1:7496 (live) 127.0.0.1:7497 → 0.0.0.0:7499 → 127.0.0.1:7497 (paper) RDP:3389 → (direct) → 127.0.0.1:3370 ``` -------------------------------- ### Run TWS with RDP via Docker Compose Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Configure and run TWS in a Docker container for full desktop access via RDP. This setup includes GPU acceleration and increased shared memory for performance. Ensure your .env file contains necessary credentials and settings. ```yaml # tws-docker-compose.yml name: algo-trader services: tws: restart: unless-stopped devices: - /dev/dri:/dev/dri # GPU acceleration (recommended) shm_size: "1gb" # Shared memory (recommended for TWS) security_opt: - seccomp:unconfined # Required for TWS performance image: ghcr.io/gnzsnz/tws-rdesktop:stable environment: PUID: 1000 PGID: 1000 PASSWD: myRdpPassword # RDP login password for user 'abc' TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} TRADING_MODE: paper JAVA_HEAP_SIZE: 1024 # MB; increase for complex TWS layouts TIME_ZONE: Europe/London TWOFA_TIMEOUT_ACTION: restart AUTO_RESTART_TIME: "11:59 PM" volumes: - ./config:/config # Persist TWS settings across restarts - tws_tmp:/tmp # Recommended for performance ports: - "127.0.0.1:7496:7498" # live TWS API port - "127.0.0.1:7497:7499" # paper TWS API port - "127.0.0.1:3370:3389" # RDP port (connect with any RDP client) volumes: tws_tmp: ``` ```bash docker compose -f tws-docker-compose.yml up -d # Connect via RDP client: # Host: 127.0.0.1:3370 User: abc Password: myRdpPassword ``` -------------------------------- ### Persistent Settings with Volumes for IB Gateway Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Configures the IB Gateway to use a Docker volume or bind mount for persistent TWS settings, ensuring configurations like jts.ini and layouts are preserved across container restarts. The TIME_ZONE environment variable is only applied on the first container start. ```yaml # docker-compose.yml — persistent settings for ib-gateway services: ib-gateway: image: ghcr.io/gnzsnz/ib-gateway:stable environment: TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} TRADING_MODE: paper TWS_SETTINGS_PATH: /home/ibgateway/tws_settings # IBC --tws-settings-path TIME_ZONE: Europe/Paris # Only applied on FIRST start (if jts.ini absent) volumes: - ${PWD}/tws_settings:/home/ibgateway/tws_settings ports: - "127.0.0.1:4001:4003" - "127.0.0.1:4002:4004" # For TWS (tws-rdesktop), use the /config volume: # volumes: # - ./config:/config # environment: # TWS_SETTINGS_PATH: /config/tws_settings ``` -------------------------------- ### Automate IB Gateway Startup with Scripts Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Use environment variables START_SCRIPTS, X_SCRIPTS, and IBC_SCRIPTS to specify directories containing startup scripts for IB Gateway. Mount these directories into the container using volumes. ```bash # .env file START_SCRIPTS=init-scripts/start_scripts X_SCRIPTS=init-scripts/x_scripts IBC_SCRIPTS=init-scripts/ibc_scripts ``` ```yaml volume: - ${PWD}/init-scripts:/home/ibgateway/init-scripts ``` -------------------------------- ### Listing initialization scripts Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Demonstrates how to list the contents of the `start_scripts` directory to verify script ordering. Scripts are discovered alphabetically. ```bash # Scripts are discovered alphabetically; naming convention controls order: ls init-scripts/start_scripts/ # 00-pre-setup.sh 10-configure.sh 99-final.sh ``` -------------------------------- ### Build and Test Docker Image Locally Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/CONTRIBUTING.md Create a .env file from the distribution sample, configure it, and then use docker-compose to build the image for local testing. ```bash cp .env-dist .env nano .env docker-compose -f docker-compose.yml build --pull ``` -------------------------------- ### Basic docker-compose.yml for IB Gateway Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Sets up the IB Gateway service with environment variables for trading modes and credentials, and maps ports for live, paper, and VNC access. It also configures a volume for persistent TWS settings. ```yaml services: ib-gateway: image: ghcr.io/gnzsnz/ib-gateway:stable environment: TRADING_MODE: both TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} TWS_USERID_PAPER: ${TWS_USERID_PAPER} TWS_PASSWORD_PAPER: ${TWS_PASSWORD_PAPER} TWS_SETTINGS_PATH: /home/ibgateway/Jts ports: - "127.0.0.1:4001:4003" # live API - "127.0.0.1:4002:4004" # paper API - "127.0.0.1:5900:5900" # VNC volumes: - ./tws_settings:/home/ibgateway/Jts # IBC will create Jts_live/ and Jts_paper/ directories automatically ``` -------------------------------- ### Building IB Gateway Docker image locally Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Steps to clone the repository, regenerate Dockerfiles for a specific version using `update.sh`, and then build the `ib-gateway` and `tws-rdesktop` Docker images locally using `docker build`. ```bash # Clone the repository git clone https://github.com/gnzsnz/ib-gateway-docker cd ib-gateway-docker # Regenerate Dockerfiles for stable channel at a specific version ./update.sh stable 10.45.1e # Build the ib-gateway image locally docker build -t my-ib-gateway:stable ./stable # Build the tws-rdesktop image locally docker build -f ./stable/Dockerfile.tws -t my-tws-rdesktop:stable ./stable # Or build-and-run directly via docker compose (uses ./latest context by default) docker compose up --build # To use a locally downloaded IB Gateway installer instead of GitHub releases, # edit stable/Dockerfile: replace the curl download line with: # COPY ibgateway-10.45.1e-standalone-linux-x64.sh . # Then place the .sh file in the stable/ directory before building. ``` -------------------------------- ### Configure Parallel Live and Paper Trading Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Set up environment variables in your .env file to enable simultaneous live and paper trading sessions within a single container. This requires separate credentials for both live and paper accounts. ```bash # .env TWS_USERID=myLiveUsername TWS_PASSWORD=myLivePassword TWS_USERID_PAPER=myPaperUsername # Required when TRADING_MODE=both TWS_PASSWORD_PAPER=myPaperPassword # Required when TRADING_MODE=both TRADING_MODE=both TWS_SETTINGS_PATH=/home/ibgateway/Jts # Will create: Jts_live and Jts_paper TIME_ZONE=America/New_York VNC_SERVER_PASSWORD=myVncPassword ``` -------------------------------- ### Clone the Repository Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Clone the repository to your local machine to begin the local build process. ```bash git clone https://github.com/gnzsnz/ib-gateway-docker ``` -------------------------------- ### Basic docker-compose.yml for IB Gateway Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Defines the IB Gateway service, specifying the image, environment variables for script paths and credentials, and volume mounts for custom scripts. ```yaml services: ib-gateway: image: ghcr.io/gnzsnz/ib-gateway:stable environment: START_SCRIPTS: init-scripts/start_scripts X_SCRIPTS: init-scripts/x_scripts IBC_SCRIPTS: init-scripts/ibc_scripts TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} volumes: - ${PWD}/init-scripts:/home/ibgateway/init-scripts ``` -------------------------------- ### docker-compose.yml with custom configuration Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Configures the IB Gateway service to use custom configuration files (`config.ini`, `jts.ini`) by setting `CUSTOM_CONFIG=yes` and mounting the files. Also sets the trading mode and exposes ports. ```yaml services: ib-gateway: image: ghcr.io/gnzsnz/ib-gateway:stable environment: CUSTOM_CONFIG: "yes" TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} TRADING_MODE: live volumes: - ${PWD}/config.ini:/home/ibgateway/ibc/config.ini # Full IBC config - ${PWD}/jts.ini:/home/ibgateway/Jts/jts.ini # Gateway jts.ini ports: - "127.0.0.1:4001:4003" ``` -------------------------------- ### Run pre-commit Hooks Before Committing Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/CONTRIBUTING.md Execute all pre-commit hooks on all files to format and lint code before committing changes. This ensures adherence to coding standards. ```bash pre-commit run --all-files ``` -------------------------------- ### Update Release Files with Script Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/CONTRIBUTING.md Run the update.sh script to propagate changes from `image-files/` to `latest/` and `stable/` directories. Specify the channel and version for the update. ```bash ./update.sh ``` -------------------------------- ### SSH Tunnel Commands Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md These commands demonstrate setting up SSH tunnels for remote port forwarding. The first command is managed by the container, while the second is for the Jupyter-Quant container. Ensure keys are added to the SSH agent. ```bash # on ib gateway - this is managed by the container ssh -NR 4001:localhost:4001 ibgateway@bastion ``` ```bash # on juypter-quant container. eval $(ssh-agent) # start agent ssh-add # add keys to agent # -f will send it to foreground ssh -o ServerAliveInterval=20 -o ServerAliveCountMax=3 -fNL 4001:localhost:4001 jupyter@bastion ``` ```bash # on desktop connect to VNC ssh -o ServerAliveInterval=20 -o ServerAliveCountMax=3 -NL 5900:localhost:5900 trader@bastion ``` -------------------------------- ### Docker Compose Configuration for Customizing Image Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md This configuration snippet demonstrates how to set environment variables and volumes to customize the IB Gateway or TWS Docker image. Ensure that custom configuration files are provided and that the `CUSTOM_CONFIG` environment variable is set to 'yes'. ```yaml ... environment: - CUSTOM_CONFIG: yes ... volumes: - ${PWD}/config.ini:/home/ibgateway/ibc/config.ini - ${PWD}/jts.ini:/home/ibgateway/Jts/jts.ini # for IB Gateway - ${PWD}/jts.ini:/opt/ibkr/jts.ini # for TWS - ${PWD}/config.ini:/opt/ibc/config.ini # for TWS ... ``` -------------------------------- ### Run IB Gateway with aarch64 Support Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md These commands are used to pull the correct image for aarch64 architecture when running IB Gateway or TWS. ```bash # ib-gateway docker compose up # TWS docker compose -f tws-docker-compose.yml up ``` -------------------------------- ### Docker Compose Configuration for IB Gateway Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Defines the services, build context, image, environment variables, and ports for the IB Gateway Docker container. Ensure your .env file is correctly configured. ```yaml name: algo-trader services: ib-gateway: restart: always build: context: ./stable tags: - "ghcr.io/gnzsnz/ib-gateway:stable" image: ghcr.io/gnzsnz/ib-gateway:stable environment: TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} TWS_PASSWORD_FILE: ${TWS_PASSWORD_FILE} TRADING_MODE: ${TRADING_MODE:-paper} TWS_SETTINGS_PATH: ${TWS_SETTINGS_PATH:-} TWS_ACCEPT_INCOMING: ${TWS_ACCEPT_INCOMING:-} TWS_MASTER_CLIENT_ID: ${TWS_MASTER_CLIENT_ID:-} READ_ONLY_API: ${READ_ONLY_API:-} VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-} TWOFA_TIMEOUT_ACTION: ${TWOFA_TIMEOUT_ACTION:-exit} BYPASS_WARNING: ${BYPASS_WARNING:-} AUTO_RESTART_TIME: ${AUTO_RESTART_TIME:-} AUTO_LOGOFF_TIME: ${AUTO_LOGOFF_TIME:-} TWS_COLD_RESTART: ${TWS_COLD_RESTART:-} SAVE_TWS_SETTINGS: ${SAVE_TWS_SETTINGS:-} RELOGIN_AFTER_TWOFA_TIMEOUT: ${RELOGIN_AFTER_TWOFA_TIMEOUT:-no} TWOFA_EXIT_INTERVAL: ${TWOFA_EXIT_INTERVAL:-60} TWOFA_DEVICE: ${TWOFA_DEVICE:-} EXISTING_SESSION_DETECTED_ACTION: ${EXISTING_SESSION_DETECTED_ACTION:-primary} ALLOW_BLIND_TRADING: ${ALLOW_BLIND_TRADING:-no} TIME_ZONE: ${TIME_ZONE:-Etc/UTC} TZ: ${TIME_ZONE:-Etc/UTC} CUSTOM_CONFIG: ${CUSTOM_CONFIG:-NO} JAVA_HEAP_SIZE: ${JAVA_HEAP_SIZE:-} SSH_TUNNEL: ${SSH_TUNNEL:-} SSH_OPTIONS: ${SSH_OPTIONS:-} SSH_ALIVE_INTERVAL: ${SSH_ALIVE_INTERVAL:-} SSH_ALIVE_COUNT: ${SSH_ALIVE_COUNT:-} SSH_PASSPHRASE: ${SSH_PASSPHRASE:-} SSH_REMOTE_PORT: ${SSH_REMOTE_PORT:-} SSH_USER_TUNNEL: ${SSH_USER_TUNNEL:-} SSH_RESTART: ${SSH_RESTART:-} SSH_VNC_PORT: ${SSH_VNC_PORT:-} START_SCRIPTS: ${START_SCRIPTS:-} X_SCRIPTS: ${X_SCRIPTS:-} IBC_SCRIPTS: ${IBC_SCRIPTS:-} # volumes: # - ${PWD}/jts.ini:/home/ibgateway/Jts/jts.ini # - ${PWD}/config.ini:/home/ibgateway/ibc/config.ini # - ${PWD}/tws_settings/:${TWS_SETTINGS_PATH:-/home/ibgateway/Jts} # - ${PWD}/ssh/:/home/ibgateway/.ssh # - ${PWD}/init-scripts:/home/ibgateway/init-scripts ports: - "127.0.0.1:4001:4003" - "127.0.0.1:4002:4004" - "127.0.0.1:5900:5900" ``` -------------------------------- ### Custom IBC script for notifications Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt A bash script for `init-scripts/ibc_scripts/` that executes after IB Gateway launches. It can be used for sending health notifications or other post-launch tasks. ```bash #!/bin/bash # Runs after IBC has launched IB Gateway — e.g., send a health notification curl -s -X POST https://ntfy.sh/my-alerts \ -d "IB Gateway started in ${TRADING_MODE} mode" ``` -------------------------------- ### Preserve IB Gateway Settings with Volumes Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/README.md Configure environment variables and volumes to preserve IB Gateway settings across container restarts. Ensure the TWS_SETTINGS_PATH is correctly mapped to a volume. ```yaml environment: - TWS_SETTINGS_PATH: /home/ibgateway/tws_settings # IB Gateway - TWS_SETTINGS_PATH: /config/tws_settings # tws rdesktop ... volumes: - ${PWD}/tws_settings:/home/ibgateway/tws_settings # IB Gateway - ${PWD}/config:/config # for TWS we use linuxserver /config volume ... ``` -------------------------------- ### Managing socat process for API forwarding Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Commands to manually restart socat if the API connection drops and to verify that socat is running and correctly forwarding the API port. Includes a telnet command to test reachability. ```bash # Restart socat manually if API connection drops (socat auto-restarts in ~5s): docker exec algo-trader-ib-gateway-1 pkill -x socat # Verify socat is running and forwarding: docker exec algo-trader-ib-gateway-1 pgrep -a socat # Expected output: socat TCP-LISTEN:4004,fork TCP:127.0.0.1:4002 # Test API port reachability from host: telnet 127.0.0.1 4002 ``` -------------------------------- ### Expose IB API Port to Host Network Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md This configuration exposes the IB API ports (4001, 4002) and VNC port (5900) to the host network. This is an insecure configuration suitable only for short tests in a secure network. ```yaml ports: - "4001:4003" - "4002:4004" - "5900:5900" ``` -------------------------------- ### Preserve IB Gateway Settings with Volumes Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Configure environment variables and volumes in docker-compose.yml to preserve IB Gateway settings across container restarts. Ensure TWS_SETTINGS_PATH is correctly set for both IB Gateway and TWS. ```yaml environment: - TWS_SETTINGS_PATH: /home/ibgateway/tws_settings # IB Gateway - TWS_SETTINGS_PATH: /config/tws_settings # tws rdesktop ... volumes: - ${PWD}/tws_settings:/home/ibgateway/tws_settings # IB Gateway - ${PWD}/config:/config # for TWS we use linuxserver / config volume ... ``` -------------------------------- ### Docker Compose Volume Mount for SSH Keys Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/README.md This YAML snippet shows how to configure volume mounts in docker-compose.yml to provide SSH keys to the IB Gateway container and TWS. ```yaml volumes: - ${PWD}/ssh:/home/ibgateway/.ssh # IB Gateway - ${PWD}/config/ssh:/config/.ssh # TWS ``` -------------------------------- ### Docker Compose Volume Mounts for SSH Keys Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Configure volume mounts in your docker-compose.yml to provide SSH keys to the IB Gateway and TWS configurations. Ensure keys have standard names and proper permissions. ```yaml ... volumes: - ${PWD}/ssh:/home/ibgateway/.ssh # IB Gateway - ${PWD}/config/ssh:/config/.ssh # TWS ... ``` -------------------------------- ### Expose IB Gateway to Docker Network Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Configure IB Gateway to be accessible by other services within the same Docker network ('trader'). Access is via the service hostname 'ib-gateway'. Ports are commented out, indicating they are not exposed directly to the host. ```yaml services: ib-gateway: networks: - trader # ports: # commented out # - "4001:4003" # - "4002:4004" # - "5900:5900" networks: trader: ``` -------------------------------- ### Docker Compose with Docker Secrets for Credentials Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Configures the IB Gateway service to use Docker secrets for sensitive credentials like passwords and VNC passwords, enhancing security by avoiding plain-text environment variables. Ensure secret files are created with appropriate permissions. ```yaml # docker-compose.yml with Docker secrets name: algo-trader services: ib-gateway: image: ghcr.io/gnzsnz/ib-gateway:stable environment: TWS_USERID: myUsername TWS_PASSWORD_FILE: /run/secrets/tws_password # Read password from file VNC_SERVER_PASSWORD_FILE: /run/secrets/vnc_password SSH_PASSPHRASE_FILE: /run/secrets/ssh_passphrase TRADING_MODE: paper secrets: - tws_password - vnc_password - ssh_passphrase ports: - "127.0.0.1:4001:4003" - "127.0.0.1:4002:4004" secrets: tws_password: file: ./secrets/tws_password.txt # Plain text file: just the password vnc_password: file: ./secrets/vnc_password.txt ssh_passphrase: file: ./secrets/ssh_passphrase.txt ``` ```bash # Create secret files (no trailing newline recommended) printf 'mySecretIbkrPassword' > ./secrets/tws_password.txt printf 'myVncPassword' > ./secrets/vnc_password.txt chmod 600 ./secrets/*.txt docker compose up -d ``` -------------------------------- ### Restart socat Process Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Use this command to restart the socat process if you encounter API connection problems. The process will automatically restart after a configured delay. ```bash docker exec -it algo-trader-ib-gateway-1 pkill -x socat ``` -------------------------------- ### SSH Tunnel Configuration for Secure Remote API Access Source: https://context7.com/gnzsnz/ib-gateway-docker/llms.txt Defines environment variables for establishing an SSH tunnel to securely forward IB API ports. It specifies the SSH user, server, passphrase, and keep-alive settings. The docker-compose.yml mounts SSH keys into the container. ```bash # .env — SSH tunnel configuration TWS_USERID=myUsername TWS_PASSWORD=myPassword TRADING_MODE=paper SSH_TUNNEL=yes # 'yes' disables socat; use 'both' to keep socat too SSH_USER_TUNNEL=ibgateway@my-bastion-server.example.com SSH_PASSPHRASE=myKeyPassphrase # Starts ssh-agent and adds ~/.ssh/id_* keys SSH_ALIVE_INTERVAL=20 # ServerAliveInterval seconds SSH_ALIVE_COUNT=3 # ServerAliveCountMax SSH_RESTART=5 # Seconds to wait before restarting a broken tunnel SSH_VNC_PORT=5900 # Also tunnel VNC port (optional) ``` ```yaml # docker-compose.yml — mount SSH keys into the container services: ib-gateway: image: ghcr.io/gnzsnz/ib-gateway:stable environment: SSH_TUNNEL: yes SSH_USER_TUNNEL: ibgateway@my-bastion-server.example.com SSH_PASSPHRASE: ${SSH_PASSPHRASE} TRADING_MODE: paper TWS_USERID: ${TWS_USERID} TWS_PASSWORD: ${TWS_PASSWORD} volumes: - ${PWD}/ssh:/home/ibgateway/.ssh # Must contain id_rsa (chmod 600) # No 'ports:' needed — access via SSH tunnel on the bastion # On the client machine (e.g., Jupyter Quant container): # ssh -fNL 4002:localhost:4002 jupyter@my-bastion-server.example.com # ib.connect('127.0.0.1', 4002, clientId=1) ``` ```bash # Prepare SSH keys with correct permissions mkdir -p ./ssh cp ~/.ssh/id_ed25519 ./ssh/ cp ~/.ssh/known_hosts ./ssh/ chmod 600 ./ssh/id_ed25519 # Restart a broken SSH tunnel manually without restarting the container docker exec algo-trader-ib-gateway-1 pkill -x ssh # Tunnel auto-restarts after SSH_RESTART seconds ``` -------------------------------- ### Restart SSH Tunnel Source: https://github.com/gnzsnz/ib-gateway-docker/blob/master/template_README.md Execute this command to restart the SSH tunnel if you experience connection issues. The tunnel will automatically restart after a configured delay. ```bash docker exec -it algo-trader-ib-gateway-1 pkill -x ssh ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.