├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── dependabot.yml └── workflows │ ├── detect-releases.yml │ └── publish.yml ├── .gitignore ├── Dockerfile.template ├── LICENSE ├── README.md ├── docker-compose.yml ├── image-files ├── config │ ├── ibc │ │ └── config.ini.tmpl │ └── ibgateway │ │ └── jts.ini └── scripts │ ├── fork_ports_delayed.sh │ ├── run.sh │ └── run_x11_vnc.sh ├── latest ├── Dockerfile ├── config │ ├── ibc │ │ └── config.ini.tmpl │ └── ibgateway │ │ └── jts.ini └── scripts │ ├── fork_ports_delayed.sh │ ├── run.sh │ └── run_x11_vnc.sh ├── logo.png ├── stable ├── Dockerfile ├── config │ ├── ibc │ │ └── config.ini.tmpl │ └── ibgateway │ │ └── jts.ini └── scripts │ ├── fork_ports_delayed.sh │ ├── run.sh │ └── run_x11_vnc.sh └── update.sh /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior. 15 | 16 | **Expected behavior** 17 | A clear and concise description of what you expected to happen. 18 | 19 | **Container logs** 20 | If applicable, add the container logs `docker logs ` or `docker-compose logs` to help explain your problem. 21 | 22 | **Versions (please complete the following information):** 23 | - OS: [e.g. Windows] 24 | - Docker version: [e.g. chrome, safari] 25 | - Image Tag (`docker --version`): [e.g. latest] 26 | - Image Digest (`docker images --digests`): [e.g. sha256:60d9d54009b1b66908bbca1ebf5b8a03a39fe0cb35c2ab4023f6e41b55d17894] 27 | 28 | **Additional context** 29 | Add any other context about the problem here. 30 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "docker" 9 | directory: "/stable" 10 | schedule: 11 | interval: "daily" 12 | - package-ecosystem: "docker" 13 | directory: "/latest" 14 | schedule: 15 | interval: "daily" 16 | -------------------------------------------------------------------------------- /.github/workflows/detect-releases.yml: -------------------------------------------------------------------------------- 1 | name: Detect IB Gateway Releases 2 | 3 | on: 4 | schedule: 5 | - cron: "0 8 * * *" 6 | 7 | workflow_dispatch: 8 | 9 | defaults: 10 | run: 11 | shell: "bash -Eeuo pipefail -x {0}" 12 | 13 | jobs: 14 | detect-release: 15 | runs-on: ubuntu-latest 16 | strategy: 17 | fail-fast: true 18 | matrix: 19 | channel: ["stable", "latest"] 20 | steps: 21 | - uses: actions/checkout@v3 22 | 23 | - name: Get Latest Version 24 | id: version 25 | run: | 26 | res=$(curl -s https://download2.interactivebrokers.com/installers/tws/${{ matrix.channel }}-standalone/version.json | sed 's/tws${{ matrix.channel }}_callback(//g;s/);//g') 27 | build_version=$(jq -r '.buildVersion' <<< "$res") 28 | #build_dateTime=$(jq -r '.buildDateTime' <<< "$res") 29 | echo "build_version=$build_version" >> $GITHUB_OUTPUT 30 | #echo "build_dateTime=$build_dateTime" >> $GITHUB_OUTPUT 31 | 32 | - name: Check if there is an update 33 | id: check-update 34 | env: 35 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 36 | run: | 37 | gh release list > /tmp/ibgateway-releases 38 | if grep -qF '${{ steps.version.outputs.build_version }}' /tmp/ibgateway-releases 39 | then 40 | echo "has_update=false" >> $GITHUB_OUTPUT 41 | else 42 | echo "has_update=true" >> $GITHUB_OUTPUT 43 | fi 44 | 45 | - name: Download 46 | if: ${{ steps.check-update.outputs.has_update == 'true' }} 47 | run: | 48 | download_url='https://download2.interactivebrokers.com/installers/ibgateway/${{ matrix.channel }}-standalone/ibgateway-${{ matrix.channel }}-standalone-linux-x64.sh' 49 | dest='ibgateway-${{ steps.version.outputs.build_version }}-standalone-linux-x64.sh' 50 | curl -sSL "$download_url" --output "$dest" 51 | sha256sum "$dest" > "${dest}.sha256" 52 | 53 | - name: Create release 54 | if: ${{ steps.check-update.outputs.has_update == 'true' }} 55 | env: 56 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 57 | run: | 58 | gh release create 'ibgateway-${{ matrix.channel }}@${{ steps.version.outputs.build_version }}' \ 59 | -t 'IB Gateway ${{ matrix.channel }} ${{ steps.version.outputs.build_version }}' \ 60 | -n 'IB Gateway ${{ matrix.channel }} ${{ steps.version.outputs.build_version }} release files' \ 61 | ibgateway-* 62 | 63 | - name: Update ${{ matrix.channel }} 64 | if: ${{ steps.check-update.outputs.has_update == 'true' }} 65 | run: ./update.sh ${{ matrix.channel }} ${{ steps.version.outputs.build_version }} 66 | 67 | - name: Create PR 68 | if: ${{ steps.check-update.outputs.has_update == 'true' }} 69 | env: 70 | GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 71 | run: | 72 | t_branch='update-${{ matrix.channel }}-to-${{ steps.version.outputs.build_version }}' 73 | git config user.name github-actions 74 | git config user.email github-actions@github.com 75 | git pull 76 | git checkout -b "$t_branch" origin/master 77 | git add '${{ matrix.channel }}' 78 | git commit -m 'Update `${{ matrix.channel }}` to `${{ steps.version.outputs.build_version }}`' 79 | git push --set-upstream origin "$t_branch" 80 | 81 | gh pr create --base master --fill 82 | -------------------------------------------------------------------------------- /.github/workflows/publish.yml: -------------------------------------------------------------------------------- 1 | name: "Publish Docker" 2 | 3 | on: 4 | push: 5 | tags: 6 | - "v*" 7 | 8 | jobs: 9 | publish-docker: 10 | name: Publish Docker Image 11 | runs-on: ubuntu-latest 12 | steps: 13 | - name: Checkout source code 14 | uses: actions/checkout@v3 15 | with: 16 | ref: ${{ github.ref }} 17 | lfs: true 18 | - name: Extract release channel 19 | id: channel 20 | run: | 21 | channel=$(cut -d - -f 2 <<< "${{ github.ref_name }}") 22 | echo "channel=$channel" >> $GITHUB_OUTPUT 23 | - name: Docker meta 24 | id: meta 25 | uses: docker/metadata-action@v4 26 | with: 27 | images: ghcr.io/unusualalpha/ib-gateway 28 | flavor: | 29 | latest=false 30 | tags: | 31 | type=match,pattern=v(\d+.\d+),group=1 32 | type=match,pattern=v(\d+.\d+.\w+),group=1 33 | type=match,pattern=v(\d+.\d+.\w+)+\-(stable|latest),group=2 34 | 35 | - name: Log in to the Container registry 36 | uses: docker/login-action@v2 37 | with: 38 | registry: ghcr.io 39 | username: ${{ github.actor }} 40 | password: ${{ secrets.GITHUB_TOKEN }} 41 | 42 | - name: Build and push 43 | uses: docker/build-push-action@v3 44 | with: 45 | context: ${{ steps.channel.outputs.channel }} 46 | push: true 47 | tags: ${{ steps.meta.outputs.tags }} 48 | labels: ${{ steps.meta.outputs.labels }} 49 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.env 2 | -------------------------------------------------------------------------------- /Dockerfile.template: -------------------------------------------------------------------------------- 1 | 2 | # 3 | # Setup Stage: install apps 4 | # 5 | # This is a dedicated stage so that donwload archives don't end up on 6 | # production image and consume unnecessary space. 7 | # 8 | 9 | FROM ubuntu:22.04 as setup 10 | 11 | ENV IB_GATEWAY_VERSION=$VERSION 12 | ENV IB_GATEWAY_RELEASE_CHANNEL=$CHANNEL 13 | ENV IBC_VERSION=3.15.2 14 | 15 | # Prepare system 16 | RUN apt-get update -y 17 | RUN apt-get install --no-install-recommends --yes \ 18 | curl \ 19 | ca-certificates \ 20 | unzip 21 | 22 | WORKDIR /tmp/setup 23 | 24 | # Install IB Gateway 25 | # Use this instead of "RUN curl .." to install a local file: 26 | #COPY ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh . 27 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/releases/download/ibgateway-${IB_GATEWAY_RELEASE_CHANNEL}%40${IB_GATEWAY_VERSION}/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh \ 28 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 29 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/releases/download/ibgateway-${IB_GATEWAY_RELEASE_CHANNEL}%40${IB_GATEWAY_VERSION}/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 \ 30 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 31 | RUN sha256sum --check ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 32 | RUN chmod a+x ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 33 | RUN ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh -q -dir /root/Jts/ibgateway/${IB_GATEWAY_VERSION} 34 | COPY ./config/ibgateway/jts.ini /root/Jts/jts.ini 35 | 36 | # Install IBC 37 | RUN curl -sSL https://github.com/IbcAlpha/IBC/releases/download/${IBC_VERSION}/IBCLinux-${IBC_VERSION}.zip --output IBCLinux-${IBC_VERSION}.zip 38 | RUN mkdir /root/ibc 39 | RUN unzip ./IBCLinux-${IBC_VERSION}.zip -d /root/ibc 40 | RUN chmod -R u+x /root/ibc/*.sh 41 | RUN chmod -R u+x /root/ibc/scripts/*.sh 42 | COPY ./config/ibc/config.ini.tmpl /root/ibc/config.ini.tmpl 43 | 44 | # Copy scripts 45 | COPY ./scripts /root/scripts 46 | 47 | # 48 | # Build Stage: build production image 49 | # 50 | 51 | FROM ubuntu:22.04 52 | 53 | ENV IB_GATEWAY_VERSION=$VERSION 54 | 55 | WORKDIR /root 56 | 57 | # Prepare system 58 | RUN apt-get update -y 59 | RUN apt-get install --no-install-recommends --yes \ 60 | gettext \ 61 | xvfb \ 62 | libxslt-dev \ 63 | libxrender1 \ 64 | libxtst6 \ 65 | libxi6 \ 66 | libgtk2.0-bin \ 67 | socat \ 68 | x11vnc 69 | 70 | # Copy files 71 | COPY --from=setup /root/ . 72 | RUN chmod a+x /root/scripts/*.sh 73 | COPY --from=setup /usr/local/i4j_jres/ /usr/local/i4j_jres 74 | 75 | # IBC env vars 76 | ENV TWS_MAJOR_VRSN ${IB_GATEWAY_VERSION} 77 | ENV TWS_PATH /root/Jts 78 | ENV IBC_PATH /root/ibc 79 | ENV IBC_INI /root/ibc/config.ini 80 | ENV TWOFA_TIMEOUT_ACTION exit 81 | 82 | # Start run script 83 | CMD ["/root/scripts/run.sh"] 84 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Emanuel Fernandes 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Interactive Brokers Gateway Docker 2 | 3 | 4 | 5 | ## What is it? 6 | 7 | A docker image to run the Interactive Brokers Gateway Application without any human interaction on a docker container. 8 | 9 | It includes: 10 | 11 | - [IB Gateway Application](https://www.interactivebrokers.com/en/index.php?f=16457) ([stable](https://www.interactivebrokers.com/en/trading/ibgateway-stable.php), [latest](https://www.interactivebrokers.com/en/trading/ibgateway-latest.php)) 12 | - [IBC Application](https://github.com/IbcAlpha/IBC) - 13 | to control the IB Gateway Application (simulates user input). 14 | - [Xvfb](https://www.x.org/releases/X11R7.6/doc/man/man1/Xvfb.1.xhtml) - 15 | a X11 virtual framebuffer to run IB Gateway Application without graphics hardware. 16 | - [x11vnc](https://wiki.archlinux.org/title/x11vnc) - 17 | a VNC server that allows to interact with the IB Gateway user interface (optional, for development / maintenance purpose). 18 | - [socat](https://linux.die.net/man/1/socat) a tool to accept TCP connection from non-localhost and relay it to IB Gateway from localhost (IB Gateway restricts connections to 127.0.0.1 by default). 19 | 20 | ## Supported Tags 21 | 22 | | Channel | IB Gateway Version | IBC Version | Docker Tags | 23 | | -------- | ------------------ | ----------- | --------------------------- | 24 | | `latest` | `10.22.1m` | `3.16.0` | `latest` `10.22` `10.22.1m` | 25 | | `stable` | `10.19.1j` | `3.15.2` | `stable` `10.19` `10.19.1j` | 26 | 27 | 28 | See all available tags [here](https://github.com/UnusualAlpha/ib-gateway-docker/pkgs/container/ib-gateway/). 29 | 30 | ## How to use? 31 | 32 | Create a `docker-compose.yml` (or include ib-gateway services on your existing one) 33 | 34 | ```yaml 35 | version: "3.4" 36 | 37 | services: 38 | ib-gateway: 39 | image: ghcr.io/unusualalpha/ib-gateway:latest 40 | restart: always 41 | environment: 42 | TWS_USERID: ${TWS_USERID} 43 | TWS_PASSWORD: ${TWS_PASSWORD} 44 | TRADING_MODE: ${TRADING_MODE:-live} 45 | VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-} 46 | ports: 47 | - "127.0.0.1:4001:4001" 48 | - "127.0.0.1:4002:4002" 49 | - "127.0.0.1:5900:5900" 50 | ``` 51 | 52 | Create an .env on root directory or set the following environment variables: 53 | 54 | | Variable | Description | Default | 55 | | --------------------- | ------------------------------------------------------------------- | -------------------------- | 56 | | `TWS_USERID` | The TWS **username**. | | 57 | | `TWS_PASSWORD` | The TWS **password**. | | 58 | | `TRADING_MODE` | **live** or **paper** | **paper** | 59 | | `READ_ONLY_API` | **yes** or **no** ([see](resources/config.ini#L316)) | **not defined** | 60 | | `VNC_SERVER_PASSWORD` | VNC server password. If not defined, no VNC server will be started. | **not defined** (VNC disabled)| 61 | 62 | Example .env file: 63 | 64 | ```text 65 | TWS_USERID=myTwsAccountName 66 | TWS_PASSWORD=myTwsPassword 67 | TRADING_MODE=paper 68 | READ_ONLY_API=no 69 | VNC_SERVER_PASSWORD=myVncPassword 70 | ``` 71 | 72 | Run: 73 | 74 | $ docker-compose up 75 | 76 | After image is downloaded, container is started + 30s, the following ports will be ready for usage on the 77 | container and docker host: 78 | 79 | | Port | Description | 80 | | ---- | ------------------------------------------------------------ | 81 | | 4001 | TWS API port for live accounts. | 82 | | 4002 | TWS API port for paper accounts. | 83 | | 5900 | When `VNC_SERVER_PASSWORD` was defined, the VNC server port. | 84 | 85 | _Note that with the above `docker-compose.yml`, ports are only exposed to the 86 | docker host (127.0.0.1), but not to the network of the host. To expose it to 87 | the whole network change the port mappings on accordingly (remove the 88 | '127.0.0.1:'). **Attention**: See [Leaving localhost](#leaving-localhost) 89 | 90 | ## How build locally 91 | 92 | 1. Clone this repo 93 | 94 | ```bash 95 | git clone https://github.com/UnusualAlpha/ib-gateway-docker 96 | ``` 97 | 98 | 2. Change docker file to use your local IB Gateway installer file, instead of loading it from this project releases: 99 | Open `Dockerfile` on editor and replace this lines: 100 | 101 | ```docker 102 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/raw/gh-pages/ibgateway-releases/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh \ 103 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 104 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/raw/gh-pages/ibgateway-releases/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 \ 105 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 106 | ``` 107 | 108 | with 109 | 110 | ```docker 111 | COPY ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 112 | ``` 113 | 114 | 3. Remove `RUN sha256sum --check ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256` from Dockerfile (unless you want to keep checksum-check) 115 | 4. Download IB Gateway and name the file `ibgateway-{IB_GATEWAY_VERSION}-standalone-linux-x64.sh`, where `{IB_GATEWAY_VERSION}` must match the version as configured on Dockerfile (first line) 116 | 5. Download IBC and name the file `IBCLinux-{IBC_VERSION}.zip`, where `{IBC_VERSION}` must match the version as configured on Dockerfile (second line) 117 | 6. Build and run: `docker-compose up --build` 118 | 119 | ## Versions and Tags 120 | 121 | The docker image version is similar to the IB Gateway version on the image. 122 | 123 | See [Supported tags](#supported-tags) 124 | 125 | ### IB Gateway installation files 126 | 127 | Note that the [Dockerfile](https://github.com/UnusualAlpha/ib-gateway-docker/blob/master/Dockerfile) 128 | **does not download IB Gateway installer files from IB homepage but from the 129 | [github-pages](https://github.com/UnusualAlpha/ib-gateway-docker/tree/gh-pages/ibgateway-releases) of this project**. 130 | 131 | This is because it shall be possible to (re-)build the image, targeting a specific Gateway version, 132 | but IB does only provide download links for the `latest` or `stable` version (there is no 'old version' download archive). 133 | 134 | The installer files stored on [github-pages](https://github.com/UnusualAlpha/ib-gateway-docker/tree/gh-pages/ibgateway-releases) have been downloaded from 135 | IB homepage and renamed to reflect the version. 136 | 137 | If you want to download Gateway installer from IB homepage directly, or use your local installation file, change this line 138 | on [Dockerfile](https://github.com/UnusualAlpha/ib-gateway-docker/blob/master/Dockerfile) 139 | `RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/raw/gh-pages/ibgateway-releases/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 140 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh` to download (or copy) the file from the source you prefer. 141 | 142 | **Example:** change to `RUN curl -sSL https://download2.interactivebrokers.com/installers/ibgateway/stable-standalone/ibgateway-stable-standalone-linux-x64.sh --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh` for using current stable version from IB homepage. 143 | 144 | ## Customizing the image 145 | 146 | The image can be customized by overwriting the default configuration files 147 | with custom ones. 148 | 149 | Apps and config file locations: 150 | 151 | | App | Folder | Config file | Default | 152 | | ---------- | --------- | ------------------------- | ------------------------------------------------------------------------------------------------- | 153 | | IB Gateway | /root/Jts | /root/Jts/jts.ini | [jts.ini](https://github.com/UnusualAlpha/ib-gateway-docker/blob/master/config/ibgateway/jts.ini) | 154 | | IBC | /root/ibc | /root/ibc/config.ini | [config.ini](https://github.com/UnusualAlpha/ib-gateway-docker/blob/master/config/ibc/config.ini.tmpl) | 155 | 156 | To start the IB Gateway run `/root/scripts/run.sh` from your Dockerfile or 157 | run-script. 158 | 159 | ## Security Considerations 160 | 161 | ### Leaving localhost 162 | 163 | The IB API protocol is based on an unencrypted, unauthenticated, raw TCP socket 164 | connection between a client and the IB Gateway. If the port to IB API is open 165 | to the network, every device on it (including potential rogue devices) can access 166 | your IB account via the IB Gateway. 167 | 168 | Because of this, the default `docker-compose.yml` only exposes the IB API port 169 | to the **localhost** on the docker host, but not to the whole network. 170 | 171 | If you want to connect to IB Gateway from a remote device, consider adding an 172 | additional layer of security (e.g. TLS/SSL or SSH tunnel) to protect the 173 | 'plain text' TCP sockets against unauthorized access or manipulation. 174 | 175 | ### Credentials 176 | 177 | This image does not contain nor store any user credentials. 178 | 179 | They are provided as environment variable during the container startup and 180 | the host is responsible to properly protect it (e.g. use 181 | [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) 182 | or similar). 183 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.4" 2 | 3 | services: 4 | ib-gateway: 5 | restart: always 6 | build: 7 | context: ./latest 8 | environment: 9 | TWS_USERID: ${TWS_USERID} 10 | TWS_PASSWORD: ${TWS_PASSWORD} 11 | TRADING_MODE: ${TRADING_MODE:-paper} 12 | READ_ONLY_API: ${READ_ONLY_API:-} 13 | VNC_SERVER_PASSWORD: ${VNC_SERVER_PASSWORD:-} 14 | ports: 15 | - "127.0.0.1:4001:4001" 16 | - "127.0.0.1:4002:4002" 17 | - "127.0.0.1:5900:5900" 18 | -------------------------------------------------------------------------------- /image-files/config/ibc/config.ini.tmpl: -------------------------------------------------------------------------------- 1 | # Note that in the comments in this file, TWS refers to both the Trader 2 | # Workstation and the IB Gateway, unless explicitly stated otherwise. 3 | # 4 | # When referred to below, the default value for a setting is the value 5 | # assumed if either the setting is included but no value is specified, or 6 | # the setting is not included at all. 7 | # 8 | # IBC may also be used to start the FIX CTCI Gateway. All settings 9 | # relating to this have names prefixed with FIX. 10 | # 11 | # The IB API Gateway and the FIX CTCI Gateway share the same code. Which 12 | # gateway actually runs is governed by an option on the initial gateway 13 | # login screen. The FIX setting described under IBC Startup 14 | # Settings below controls this. 15 | 16 | 17 | 18 | # ============================================================================= 19 | # 1. IBC Startup Settings 20 | # ============================================================================= 21 | 22 | 23 | # IBC may be used to start the IB Gateway for the FIX CTCI. This 24 | # setting must be set to 'yes' if you want to run the FIX CTCI gateway. The 25 | # default is 'no'. 26 | 27 | FIX=no 28 | 29 | 30 | 31 | # ============================================================================= 32 | # 2. Authentication Settings 33 | # ============================================================================= 34 | 35 | # TWS and the IB API gateway require a single username and password. 36 | # You may specify the username and password using the following settings: 37 | # 38 | # IbLoginId 39 | # IbPassword 40 | # 41 | # Alternatively, you can specify the username and password in the command 42 | # files used to start TWS or the Gateway, but this is not recommended for 43 | # security reasons. 44 | # 45 | # If you don't specify them, you will be prompted for them in the usual 46 | # login dialog when TWS starts (but whatever you have specified will be 47 | # included in the dialog automatically: for example you may specify the 48 | # username but not the password, and then you will be prompted for the 49 | # password via the login dialog). Note that if you specify either 50 | # the username or the password (or both) in the command file, then 51 | # IbLoginId and IbPassword settings defined in this file are ignored. 52 | # 53 | # 54 | # The FIX CTCI gateway requires one username and password for FIX order 55 | # routing, and optionally a separate username and password for market 56 | # data connections. You may specify the usernames and passwords using 57 | # the following settings: 58 | # 59 | # FIXLoginId 60 | # FIXPassword 61 | # IbLoginId (optional - for market data connections) 62 | # IbPassword (optional - for market data connections) 63 | # 64 | # Alternatively you can specify the FIX username and password in the 65 | # command file used to start the FIX CTCI Gateway, but this is not 66 | # recommended for security reasons. 67 | # 68 | # If you don't specify them, you will be prompted for them in the usual 69 | # login dialog when FIX CTCI gateway starts (but whatever you have 70 | # specified will be included in the dialog automatically: for example 71 | # you may specify the usernames but not the passwords, and then you will 72 | # be prompted for the passwords via the login dialog). Note that if you 73 | # specify either the FIX username or the FIX password (or both) on the 74 | # command line, then FIXLoginId and FIXPassword settings defined in this 75 | # file are ignored; he same applies to the market data username and 76 | # password. 77 | 78 | # IB API Authentication Settings 79 | # ------------------------------ 80 | 81 | # Your TWS username: 82 | 83 | IbLoginId= 84 | 85 | 86 | # Your TWS password: 87 | 88 | IbPassword= 89 | 90 | 91 | # FIX CTCI Authentication Settings 92 | # -------------------------------- 93 | 94 | # Your FIX CTCI username: 95 | 96 | FIXLoginId= 97 | 98 | 99 | # Your FIX CTCI password: 100 | 101 | FIXPassword= 102 | 103 | 104 | # Second Factor Authentication Settings 105 | # ------------------------------------- 106 | 107 | # If you have enabled more than one second factor authentication 108 | # device, TWS presents a list from which you must select the device 109 | # you want to use for this login. You can use this setting to 110 | # instruct IBC to select a particular item in the list on your 111 | # behalf. Note that you must spell this value exactly as it appears 112 | # in the list. If no value is set, you must manually select the 113 | # relevant list entry. 114 | 115 | SecondFactorDevice= 116 | 117 | 118 | # If you use the IBKR Mobile app for second factor authentication, 119 | # and you fail to complete the process before the time limit imposed 120 | # by IBKR, you can use this setting to tell IBC to exit: arrangements 121 | # can then be made to automatically restart IBC in order to initiate 122 | # the login sequence afresh. Otherwise, manual intervention at TWS's 123 | # Second Factor Authentication dialog is needed to complete the 124 | # login. 125 | # 126 | # Permitted values are 'yes' and 'no'. The default is 'no'. 127 | # 128 | # Note that the scripts provided with the IBC zips for Windows and 129 | # Linux provide options to automatically restart in these 130 | # circumstances, but only if this setting is also set to 'yes'. 131 | 132 | ExitAfterSecondFactorAuthenticationTimeout=no 133 | 134 | 135 | # This setting is only relevant if 136 | # ExitAfterSecondFactorAuthenticationTimeout is set to 'yes'. 137 | # 138 | # It controls how long (in seconds) IBC waits for login to complete 139 | # after the user acknowledges the second factor authentication 140 | # alert at the IBKR Mobile app. If login has not completed after 141 | # this time, IBC terminates. 142 | # The default value is 40. 143 | 144 | SecondFactorAuthenticationExitInterval= 145 | 146 | 147 | # Trading Mode 148 | # ------------ 149 | # 150 | # TWS 955 introduced a new Trading Mode combo box on its login 151 | # dialog. This indicates whether the live account or the paper 152 | # trading account corresponding to the supplied credentials is 153 | # to be used. The allowed values are 'live' (the default) and 154 | # 'paper'. For earlier versions of TWS this setting has no 155 | # effect. 156 | 157 | TradingMode= 158 | 159 | 160 | # Paper-trading Account Warning 161 | # ----------------------------- 162 | # 163 | # Logging in to a paper-trading account results in TWS displaying 164 | # a dialog asking the user to confirm that they are aware that this 165 | # is not a brokerage account. Until this dialog has been accepted, 166 | # TWS will not allow API connections to succeed. Setting this 167 | # to 'yes' (the default) will cause IBC to automatically 168 | # confirm acceptance. Setting it to 'no' will leave the dialog 169 | # on display, and the user will have to deal with it manually. 170 | 171 | AcceptNonBrokerageAccountWarning=yes 172 | 173 | 174 | # Login Dialog Display Timeout 175 | #----------------------------- 176 | # 177 | # In some circumstances, starting TWS may result in failure to display 178 | # the login dialog. Restarting TWS may help to resolve this situation, 179 | # and IBC does this automatically. 180 | # 181 | # This setting controls how long (in seconds) IBC waits for the login 182 | # dialog to appear before restarting TWS. 183 | # 184 | # Note that in normal circumstances with a reasonably specified 185 | # computer the time to displaying the login dialog is typically less 186 | # than 20 seconds, and frequently much less. However many factors can 187 | # influence this, and it is unwise to set this value too low. 188 | # 189 | # The default value is 60. 190 | 191 | LoginDialogDisplayTimeout = 60 192 | 193 | 194 | 195 | # ============================================================================= 196 | # 3. TWS Startup Settings 197 | # ============================================================================= 198 | 199 | # Path to settings store 200 | # ---------------------- 201 | # 202 | # Path to the directory where TWS should store its settings. This is 203 | # normally the folder in which TWS is installed. However you may set 204 | # it to some other location if you wish (for example if you want to 205 | # run multiple instances of TWS with different settings). 206 | # 207 | # It is recommended for clarity that you use an absolute path. The 208 | # effect of using a relative path is undefined. 209 | # 210 | # Linux and macOS users should use the appropriate path syntax. 211 | # 212 | # Note that, for Windows users, you MUST use double separator 213 | # characters to separate the elements of the folder path: for 214 | # example, IbDir=C:\\IBLiveSettings is valid, but 215 | # IbDir=C:\IBLiveSettings is NOT valid and will give unexpected 216 | # results. Linux and macOS users need not use double separators, 217 | # but they are acceptable. 218 | # 219 | # The default is the current working directory when IBC is 220 | # started. 221 | 222 | IbDir=/root/Jts 223 | 224 | 225 | # Store settings on server 226 | # ------------------------ 227 | # 228 | # If you wish to store a copy of your TWS settings on IB's 229 | # servers as well as locally on your computer, set this to 230 | # 'yes': this enables you to run TWS on different computers 231 | # with the same configuration, market data lines, etc. If set 232 | # to 'no', running TWS on different computers will not share the 233 | # same settings. If no value is specified, TWS will obtain its 234 | # settings from the same place as the last time this user logged 235 | # in (whether manually or using IBC). 236 | 237 | StoreSettingsOnServer= 238 | 239 | 240 | # Minimize TWS on startup 241 | # ----------------------- 242 | # 243 | # Set to 'yes' to minimize TWS when it starts: 244 | 245 | MinimizeMainWindow=no 246 | 247 | 248 | # Existing Session Detected Action 249 | # -------------------------------- 250 | # 251 | # When a user logs on to an IBKR account for trading purposes by any means, the 252 | # IBKR account server checks to see whether the account is already logged in 253 | # elsewhere. If so, a dialog is displayed to both the users that enables them 254 | # to determine what happens next. The 'ExistingSessionDetectedAction' setting 255 | # instructs TWS how to proceed when it displays this dialog: 256 | # 257 | # * If the new TWS session is set to 'secondary', the existing session continues 258 | # and the new session terminates. Thus a secondary TWS session can never 259 | # override any other session. 260 | # 261 | # * If the existing TWS session is set to 'primary', the existing session 262 | # continues and the new session terminates (even if the new session is also 263 | # set to primary). Thus a primary TWS session can never be overridden by 264 | # any new session). 265 | # 266 | # * If both the existing and the new TWS sessions are set to 'primaryoverride', 267 | # the existing session terminates and the new session proceeds. 268 | # 269 | # * If the existing TWS session is set to 'manual', the user must handle the 270 | # dialog. 271 | # 272 | # The difference between 'primary' and 'primaryoverride' is that a 273 | # 'primaryoverride' session can be overriden over by a new 'primary' session, 274 | # but a 'primary' session cannot be overriden by any other session. 275 | # 276 | # When set to 'primary', if another TWS session is started and manually told to 277 | # end the 'primary' session, the 'primary' session is automatically reconnected. 278 | # 279 | # The default is 'manual'. 280 | 281 | ExistingSessionDetectedAction=primary 282 | 283 | 284 | # Override TWS API Port Number 285 | # ---------------------------- 286 | # 287 | # If OverrideTwsApiPort is set to an integer, IBC changes the 288 | # 'Socket port' in TWS's API configuration to that number shortly 289 | # after startup. Leaving the setting blank will make no change to 290 | # the current setting. This setting is only intended for use in 291 | # certain specialized situations where the port number needs to 292 | # be set dynamically at run-time: most users will never need it, 293 | # so don't use it unless you know you need it. 294 | 295 | OverrideTwsApiPort=4000 296 | 297 | 298 | # Read-only Login 299 | # --------------- 300 | # 301 | # If ReadOnlyLogin is set to 'yes', and the user is enrolled in IB's 302 | # account security programme, the user will not be asked to perform 303 | # the second factor authentication action, and login to TWS will 304 | # occur automatically in read-only mode: in this mode, placing or 305 | # managing orders is not allowed. If set to 'no', and the user is 306 | # enrolled in IB's account security programme, the user must perform 307 | # the relevant second factor authentication action to complete the 308 | # login. 309 | 310 | # If the user is not enrolled in IB's account security programme, 311 | # this setting is ignored. The default is 'no'. 312 | 313 | ReadOnlyLogin=no 314 | 315 | 316 | # Read-only API 317 | # ------------- 318 | # 319 | # If ReadOnlyApi is set to 'yes', API programs cannot submit, modify 320 | # or cancel orders. If set to 'no', API programs can do these things. 321 | # If not set, the existing TWS/Gateway configuration is unchanged. 322 | # NB: this setting is really only supplied for the benefit of new TWS 323 | # or Gateway instances that are being automatically installed and 324 | # started without user intervention (eg Docker containers). Where 325 | # a user is involved, they should use the Global Configuration to 326 | # set the relevant checkbox (this only needs to be done once) and 327 | # not provide a value for this setting. 328 | 329 | ReadOnlyApi=${READ_ONLY_API} 330 | 331 | 332 | # Market data size for US stocks - lots or shares 333 | # ----------------------------------------------- 334 | # 335 | # Since IB introduced the option of market data for US stocks showing 336 | # bid, ask and last sizes in shares rather than lots, TWS and Gateway 337 | # display a dialog immediately after login notifying the user about 338 | # this and requiring user input before allowing market data to be 339 | # accessed. The user can request that the dialog not be shown again. 340 | # 341 | # It is recommended that the user should handle this dialog manually 342 | # rather than using these settings, which are provided for situations 343 | # where the user interface is not easily accessible, or where user 344 | # settings are not preserved between sessions (eg some Docker images). 345 | # 346 | # - If this setting is set to 'accept', the dialog will be handled 347 | # automatically and the option to not show it again will be 348 | # selected. 349 | # 350 | # Note that in this case, the only way to allow the dialog to be 351 | # displayed again is to manually enable the 'Bid, Ask and Last 352 | # Size Display Update' message in the 'Messages' section of the TWS 353 | # configuration dialog. So you should only use 'Accept' if you are 354 | # sure you really don't want the dialog to be displayed again, or 355 | # you have easy access to the user interface. 356 | # 357 | # - If set to 'defer', the dialog will be handled automatically (so 358 | # that market data will start), but the option to not show it again 359 | # will not be selected, and it will be shown again after the next 360 | # login. 361 | # 362 | # - If set to 'ignore', the user has to deal with the dialog manually. 363 | # 364 | # The default value is 'ignore'. 365 | # 366 | # Note if set to 'accept' or 'defer', TWS also automatically sets 367 | # the API settings checkbox labelled 'Send market data in lots for 368 | # US stocks for dual-mode API clients'. IBC cannot prevent this. 369 | # However you can change this immmediately by setting 370 | # SendMarketDataInLotsForUSstocks (see below) to 'no' . 371 | 372 | AcceptBidAskLastSizeDisplayUpdateNotification=accept 373 | 374 | 375 | # This setting determines whether the API settings checkbox labelled 376 | # 'Send market data in lots for US stocks for dual-mode API clients' 377 | # is set or cleared. If set to 'yes', the checkbox is set. If set to 378 | # 'no' the checkbox is cleared. If defaulted, the checkbox is 379 | # unchanged. 380 | 381 | SendMarketDataInLotsForUSstocks= 382 | 383 | 384 | 385 | # ============================================================================= 386 | # 4. TWS Auto-Closedown 387 | # ============================================================================= 388 | # 389 | # IMPORTANT NOTE: Starting with TWS 974, this setting no longer 390 | # works properly, because IB have changed the way TWS handles its 391 | # autologoff mechanism. 392 | # 393 | # You should now configure the TWS autologoff time to something 394 | # convenient for you, and restart IBC each day. 395 | # 396 | # Alternatively, discontinue use of IBC and use the auto-relogin 397 | # mechanism within TWS 974 and later versions (note that the 398 | # auto-relogin mechanism provided by IB is not available if you 399 | # use IBC). 400 | 401 | # Set to yes or no (lower case). 402 | # 403 | # yes means allow TWS to shut down automatically at its 404 | # specified shutdown time, which is set via the TWS 405 | # configuration menu. 406 | # 407 | # no means TWS never shuts down automatically. 408 | # 409 | # NB: IB recommends that you do not keep TWS running 410 | # continuously. If you set this setting to 'no', you may 411 | # experience incorrect TWS operation. 412 | # 413 | # NB: the default for this setting is 'no'. Since this will 414 | # only work properly with TWS versions earlier than 974, you 415 | # should explicitly set this to 'yes' for version 974 and later. 416 | 417 | IbAutoClosedown=yes 418 | 419 | 420 | 421 | # ============================================================================= 422 | # 5. TWS Tidy Closedown Time 423 | # ============================================================================= 424 | # 425 | # NB: starting with TWS 974 this is no longer a useful option 426 | # because both TWS and Gateway now have the same auto-logoff 427 | # mechanism, and IBC can no longer avoid this. 428 | # 429 | # Note that giving this setting a value does not change TWS's 430 | # auto-logoff in any way: any setting will be additional to the 431 | # TWS auto-logoff. 432 | # 433 | # To tell IBC to tidily close TWS at a specified time every 434 | # day, set this value to , for example: 435 | # ClosedownAt=22:00 436 | # 437 | # To tell IBC to tidily close TWS at a specified day and time 438 | # each week, set this value to , for example: 439 | # ClosedownAt=Friday 22:00 440 | # 441 | # Note that the day of the week must be specified using your 442 | # default locale. Also note that Java will only accept 443 | # characters encoded to ISO 8859-1 (Latin-1). This means that 444 | # if the day name in your default locale uses any non-Latin-1 445 | # characters you need to encode them using Unicode escapes 446 | # (see http://java.sun.com/docs/books/jls/third_edition/html/lexical.html#3.3 447 | # for details). For example, to tidily close TWS at 12:00 on 448 | # Saturday where the default locale is Simplified Chinese, 449 | # use the following: 450 | # #ClosedownAt=\u661F\u671F\u516D 12:00 451 | 452 | ClosedownAt= 453 | 454 | 455 | 456 | # ============================================================================= 457 | # 6. Other TWS Settings 458 | # ============================================================================= 459 | 460 | # Accept Incoming Connection 461 | # -------------------------- 462 | # 463 | # If set to 'accept', IBC automatically accepts incoming 464 | # API connection dialogs. If set to 'reject', IBC 465 | # automatically rejects incoming API connection dialogs. If 466 | # set to 'manual', the user must decide whether to accept or reject 467 | # incoming API connection dialogs. The default is 'manual'. 468 | # NB: it is recommended to set this to 'reject', and to explicitly 469 | # configure which IP addresses can connect to the API in TWS's API 470 | # configuration page, as this is much more secure (in this case, no 471 | # incoming API connection dialogs will occur for those IP addresses). 472 | 473 | AcceptIncomingConnectionAction=reject 474 | 475 | 476 | # Allow Blind Trading 477 | # ------------------- 478 | # 479 | # If you attempt to place an order for a contract for which 480 | # you have no market data subscription, TWS displays a dialog 481 | # to warn you against such blind trading. 482 | # 483 | # yes means the dialog is dismissed as though the user had 484 | # clicked the 'Ok' button: this means that you accept 485 | # the risk and want the order to be submitted. 486 | # 487 | # no means the dialog remains on display and must be 488 | # handled by the user. 489 | 490 | AllowBlindTrading=no 491 | 492 | 493 | # Save Settings on a Schedule 494 | # --------------------------- 495 | # 496 | # You can tell TWS to automatically save its settings on a schedule 497 | # of your choosing. You can specify one or more specific times, 498 | # like this: 499 | # 500 | # SaveTwsSettingsAt=HH:MM [ HH:MM]... 501 | # 502 | # for example: 503 | # SaveTwsSettingsAt=08:00 12:30 17:30 504 | # 505 | # Or you can specify an interval at which settings are to be saved, 506 | # optionally starting at a specific time and continuing until another 507 | # time, like this: 508 | # 509 | #SaveTwsSettingsAt=Every n [{mins | hours}] [hh:mm] [hh:mm] 510 | # 511 | # where the first hh:mm is the start time and the second is the end 512 | # time. If you don't specify the end time, settings are saved regularly 513 | # from the start time till midnight. If you don't specify the start time. 514 | # settings are saved regularly all day, beginning at 00:00. Note that 515 | # settings will always be saved at the end time, even if that is not 516 | # exactly one interval later than the previous time. If neither 'mins' 517 | # nor 'hours' is specified, 'mins' is assumed. Examples: 518 | # 519 | # To save every 30 minutes all day starting at 00:00 520 | #SaveTwsSettingsAt=Every 30 521 | #SaveTwsSettingsAt=Every 30 mins 522 | # 523 | # To save every hour starting at 08:00 and ending at midnight 524 | #SaveTwsSettingsAt=Every 1 hours 08:00 525 | #SaveTwsSettingsAt=Every 1 hours 08:00 00:00 526 | # 527 | # To save every 90 minutes starting at 08:00 up to and including 17:43 528 | #SaveTwsSettingsAt=Every 90 08:00 17:43 529 | 530 | SaveTwsSettingsAt= 531 | 532 | 533 | 534 | # ============================================================================= 535 | # 7. Settings Specific to Indian Versions of TWS 536 | # ============================================================================= 537 | 538 | # Indian versions of TWS may display a password expiry 539 | # notification dialog and a NSE Compliance dialog. These can be 540 | # dismissed by setting the following to yes. By default the 541 | # password expiry notice is not dismissed, but the NSE Compliance 542 | # notice is dismissed. 543 | 544 | # Warning: setting DismissPasswordExpiryWarning=yes will mean 545 | # you will not be notified when your password is about to expire. 546 | # You must then take other measures to ensure that your password 547 | # is changed within the expiry period, otherwise IBC will 548 | # not be able to login successfully. 549 | 550 | DismissPasswordExpiryWarning=no 551 | DismissNSEComplianceNotice=yes 552 | 553 | 554 | 555 | # ============================================================================= 556 | # 8. IBC Command Server Settings 557 | # ============================================================================= 558 | 559 | # Do NOT CHANGE THE FOLLOWING SETTINGS unless you 560 | # intend to issue commands to IBC (for example 561 | # using telnet). Note that these settings have nothing to 562 | # do with running programs that use the TWS API. 563 | 564 | # Command Server Port Number 565 | # -------------------------- 566 | # 567 | # The port number that IBC listens on for commands 568 | # such as "STOP". DO NOT set this to the port number 569 | # used for TWS API connections. There is no good reason 570 | # to change this setting unless the port is used by 571 | # some other application (typically another instance of 572 | # IBC). The default value is 0, which tells IBC not to 573 | # start the command server 574 | 575 | #CommandServerPort=7462 576 | 577 | 578 | # Permitted Command Sources 579 | # ------------------------- 580 | # 581 | # A comma separated list of IP addresses, or host names, 582 | # which are allowed addresses for sending commands to 583 | # IBC. Commands can always be sent from the 584 | # same host as IBC is running on. 585 | 586 | ControlFrom= 587 | 588 | 589 | # Address for Receiving Commands 590 | # ------------------------------ 591 | # 592 | # Specifies the IP address on which the Command Server 593 | # is to listen. For a multi-homed host, this can be used 594 | # to specify that connection requests are only to be 595 | # accepted on the specified address. The default is to 596 | # accept connection requests on all local addresses. 597 | 598 | BindAddress= 599 | 600 | 601 | # Command Prompt 602 | # -------------- 603 | # 604 | # The specified string is output by the server when 605 | # the connection is first opened and after the completion 606 | # of each command. This can be useful if sending commands 607 | # using an interactive program such as telnet. The default 608 | # is that no prompt is output. 609 | # For example: 610 | # 611 | # CommandPrompt=> 612 | 613 | CommandPrompt= 614 | 615 | 616 | # Suppress Command Server Info Messages 617 | # ------------------------------------- 618 | # 619 | # Some commands can return intermediate information about 620 | # their progress. This setting controls whether such 621 | # information is sent. The default is that such information 622 | # is not sent. 623 | 624 | SuppressInfoMessages=yes 625 | 626 | 627 | 628 | # ============================================================================= 629 | # 9. Diagnostic Settings 630 | # ============================================================================= 631 | # 632 | # IBC can log information about the structure of windows 633 | # displayed by TWS. This information is useful when adding 634 | # new features to IBC or when behaviour is not as expected. 635 | # 636 | # The logged information shows the hierarchical organisation 637 | # of all the components of the window, and includes the 638 | # current values of text boxes and labels. 639 | # 640 | # Note that this structure logging has a small performance 641 | # impact, and depending on the settings can cause the logfile 642 | # size to be significantly increased. It is therefore 643 | # recommended that the LogStructureWhen setting be set to 644 | # 'never' (the default) unless there is a specific reason 645 | # that this information is needed. 646 | 647 | 648 | # Scope of Structure Logging 649 | # -------------------------- 650 | # 651 | # The LogStructureScope setting indicates which windows are 652 | # eligible for structure logging: 653 | # 654 | # - if set to 'known', only windows that IBC recognizes 655 | # are eligible - these are windows that IBC has some 656 | # interest in monitoring, usually to take some action 657 | # on the user's behalf; 658 | # 659 | # - if set to 'unknown', only windows that IBC does not 660 | # recognize are eligible. Most windows displayed by 661 | # TWS fall into this category; 662 | # 663 | # - if set to 'untitled', only windows that IBC does not 664 | # recognize and that have no title are eligible. These 665 | # are usually message boxes or similar small windows, 666 | # 667 | # - if set to 'all', then every window displayed by TWS 668 | # is eligible. 669 | # 670 | # The default value is 'known'. 671 | 672 | LogStructureScope=known 673 | 674 | 675 | # When to Log Window Structure 676 | # ---------------------------- 677 | # 678 | # The LogStructureWhen setting specifies the circumstances 679 | # when eligible TWS windows have their structure logged: 680 | # 681 | # - if set to 'open' or 'yes' or 'true', IBC logs the 682 | # structure of an eligible window the first time it 683 | # is encountered; 684 | # 685 | # - if set to 'activate', the structure is logged every 686 | # time an eligible window is made active; 687 | # 688 | # - if set to 'never' or 'no' or 'false', structure 689 | # information is never logged. 690 | # 691 | # The default value is 'never'. 692 | 693 | LogStructureWhen=never 694 | 695 | 696 | # DEPRECATED SETTING 697 | # ------------------ 698 | # 699 | # LogComponents - THIS SETTING WILL BE REMOVED IN A FUTURE 700 | # RELEASE 701 | # 702 | # If LogComponents is set to any value, this is equivalent 703 | # to setting LogStructureWhen to that same value and 704 | # LogStructureScope to 'all': the actual values of those 705 | # settings are ignored. The default is that the values 706 | # of LogStructureScope and LogStructureWhen are honoured. 707 | 708 | #LogComponents= 709 | 710 | 711 | -------------------------------------------------------------------------------- /image-files/config/ibgateway/jts.ini: -------------------------------------------------------------------------------- 1 | [IBGateway] 2 | WriteDebug=false 3 | TrustedIPs=127.0.0.1 4 | ApiOnly=true 5 | 6 | [Logon] 7 | Locale=en 8 | TimeZone=Etc/UTC 9 | displayedproxymsg=1 10 | UseSSL=true 11 | s3store=true 12 | 13 | [Communication] 14 | -------------------------------------------------------------------------------- /image-files/scripts/fork_ports_delayed.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sleep 30 4 | 5 | if [ "$TRADING_MODE" = "paper" ]; then 6 | printf "Forking :::4000 onto 0.0.0.0:4002\n" 7 | socat TCP-LISTEN:4002,fork TCP:127.0.0.1:4000 8 | else 9 | printf "Forking :::4000 onto 0.0.0.0:4001\n" 10 | socat TCP-LISTEN:4001,fork TCP:127.0.0.1:4000 11 | fi 12 | -------------------------------------------------------------------------------- /image-files/scripts/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | export DISPLAY=:1 4 | 5 | rm -f /tmp/.X1-lock 6 | Xvfb :1 -ac -screen 0 1024x768x16 & 7 | 8 | if [ -n "$VNC_SERVER_PASSWORD" ]; then 9 | echo "Starting VNC server" 10 | /root/scripts/run_x11_vnc.sh & 11 | fi 12 | 13 | envsubst < "${IBC_INI}.tmpl" > "${IBC_INI}" 14 | 15 | /root/scripts/fork_ports_delayed.sh & 16 | 17 | /root/ibc/scripts/ibcstart.sh "${TWS_MAJOR_VRSN}" -g \ 18 | "--tws-path=${TWS_PATH}" \ 19 | "--ibc-path=${IBC_PATH}" "--ibc-ini=${IBC_INI}" \ 20 | "--user=${TWS_USERID}" "--pw=${TWS_PASSWORD}" "--mode=${TRADING_MODE}" \ 21 | "--on2fatimeout=${TWOFA_TIMEOUT_ACTION}" 22 | -------------------------------------------------------------------------------- /image-files/scripts/run_x11_vnc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x11vnc -ncache_cr -display :1 -forever -shared -logappend /var/log/x11vnc.log -bg -noipv6 -passwd "$VNC_SERVER_PASSWORD" 4 | -------------------------------------------------------------------------------- /latest/Dockerfile: -------------------------------------------------------------------------------- 1 | 2 | # 3 | # Setup Stage: install apps 4 | # 5 | # This is a dedicated stage so that donwload archives don't end up on 6 | # production image and consume unnecessary space. 7 | # 8 | 9 | FROM ubuntu:22.04 as setup 10 | 11 | ENV IB_GATEWAY_VERSION=10.22.1m 12 | ENV IB_GATEWAY_RELEASE_CHANNEL=latest 13 | ENV IBC_VERSION=3.16.0 14 | 15 | # Prepare system 16 | RUN apt-get update -y 17 | RUN apt-get install --no-install-recommends --yes \ 18 | curl \ 19 | ca-certificates \ 20 | unzip 21 | 22 | WORKDIR /tmp/setup 23 | 24 | # Install IB Gateway 25 | # Use this instead of "RUN curl .." to install a local file: 26 | #COPY ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh . 27 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/releases/download/ibgateway-${IB_GATEWAY_RELEASE_CHANNEL}%40${IB_GATEWAY_VERSION}/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh \ 28 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 29 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/releases/download/ibgateway-${IB_GATEWAY_RELEASE_CHANNEL}%40${IB_GATEWAY_VERSION}/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 \ 30 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 31 | RUN sha256sum --check ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 32 | RUN chmod a+x ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 33 | RUN ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh -q -dir /root/Jts/ibgateway/${IB_GATEWAY_VERSION} 34 | COPY ./config/ibgateway/jts.ini /root/Jts/jts.ini 35 | 36 | # Install IBC 37 | RUN curl -sSL https://github.com/IbcAlpha/IBC/releases/download/${IBC_VERSION}/IBCLinux-${IBC_VERSION}.zip --output IBCLinux-${IBC_VERSION}.zip 38 | RUN mkdir /root/ibc 39 | RUN unzip ./IBCLinux-${IBC_VERSION}.zip -d /root/ibc 40 | RUN chmod -R u+x /root/ibc/*.sh 41 | RUN chmod -R u+x /root/ibc/scripts/*.sh 42 | COPY ./config/ibc/config.ini.tmpl /root/ibc/config.ini.tmpl 43 | 44 | # Copy scripts 45 | COPY ./scripts /root/scripts 46 | 47 | # 48 | # Build Stage: build production image 49 | # 50 | 51 | FROM ubuntu:22.04 52 | 53 | ENV IB_GATEWAY_VERSION=10.22.1m 54 | 55 | WORKDIR /root 56 | 57 | # Prepare system 58 | RUN apt-get update -y 59 | RUN apt-get install --no-install-recommends --yes \ 60 | gettext \ 61 | xvfb \ 62 | libxslt-dev \ 63 | libxrender1 \ 64 | libxtst6 \ 65 | libxi6 \ 66 | libgtk2.0-bin \ 67 | socat \ 68 | x11vnc 69 | 70 | # Copy files 71 | COPY --from=setup /root/ . 72 | RUN chmod a+x /root/scripts/*.sh 73 | COPY --from=setup /usr/local/i4j_jres/ /usr/local/i4j_jres 74 | 75 | # IBC env vars 76 | ENV TWS_MAJOR_VRSN ${IB_GATEWAY_VERSION} 77 | ENV TWS_PATH /root/Jts 78 | ENV IBC_PATH /root/ibc 79 | ENV IBC_INI /root/ibc/config.ini 80 | ENV TWOFA_TIMEOUT_ACTION exit 81 | 82 | # Start run script 83 | CMD ["/root/scripts/run.sh"] 84 | -------------------------------------------------------------------------------- /latest/config/ibc/config.ini.tmpl: -------------------------------------------------------------------------------- 1 | # Note that in the comments in this file, TWS refers to both the Trader 2 | # Workstation and the IB Gateway, unless explicitly stated otherwise. 3 | # 4 | # When referred to below, the default value for a setting is the value 5 | # assumed if either the setting is included but no value is specified, or 6 | # the setting is not included at all. 7 | # 8 | # IBC may also be used to start the FIX CTCI Gateway. All settings 9 | # relating to this have names prefixed with FIX. 10 | # 11 | # The IB API Gateway and the FIX CTCI Gateway share the same code. Which 12 | # gateway actually runs is governed by an option on the initial gateway 13 | # login screen. The FIX setting described under IBC Startup 14 | # Settings below controls this. 15 | 16 | 17 | 18 | # ============================================================================= 19 | # 1. IBC Startup Settings 20 | # ============================================================================= 21 | 22 | 23 | # IBC may be used to start the IB Gateway for the FIX CTCI. This 24 | # setting must be set to 'yes' if you want to run the FIX CTCI gateway. The 25 | # default is 'no'. 26 | 27 | FIX=no 28 | 29 | 30 | 31 | # ============================================================================= 32 | # 2. Authentication Settings 33 | # ============================================================================= 34 | 35 | # TWS and the IB API gateway require a single username and password. 36 | # You may specify the username and password using the following settings: 37 | # 38 | # IbLoginId 39 | # IbPassword 40 | # 41 | # Alternatively, you can specify the username and password in the command 42 | # files used to start TWS or the Gateway, but this is not recommended for 43 | # security reasons. 44 | # 45 | # If you don't specify them, you will be prompted for them in the usual 46 | # login dialog when TWS starts (but whatever you have specified will be 47 | # included in the dialog automatically: for example you may specify the 48 | # username but not the password, and then you will be prompted for the 49 | # password via the login dialog). Note that if you specify either 50 | # the username or the password (or both) in the command file, then 51 | # IbLoginId and IbPassword settings defined in this file are ignored. 52 | # 53 | # 54 | # The FIX CTCI gateway requires one username and password for FIX order 55 | # routing, and optionally a separate username and password for market 56 | # data connections. You may specify the usernames and passwords using 57 | # the following settings: 58 | # 59 | # FIXLoginId 60 | # FIXPassword 61 | # IbLoginId (optional - for market data connections) 62 | # IbPassword (optional - for market data connections) 63 | # 64 | # Alternatively you can specify the FIX username and password in the 65 | # command file used to start the FIX CTCI Gateway, but this is not 66 | # recommended for security reasons. 67 | # 68 | # If you don't specify them, you will be prompted for them in the usual 69 | # login dialog when FIX CTCI gateway starts (but whatever you have 70 | # specified will be included in the dialog automatically: for example 71 | # you may specify the usernames but not the passwords, and then you will 72 | # be prompted for the passwords via the login dialog). Note that if you 73 | # specify either the FIX username or the FIX password (or both) on the 74 | # command line, then FIXLoginId and FIXPassword settings defined in this 75 | # file are ignored; he same applies to the market data username and 76 | # password. 77 | 78 | # IB API Authentication Settings 79 | # ------------------------------ 80 | 81 | # Your TWS username: 82 | 83 | IbLoginId= 84 | 85 | 86 | # Your TWS password: 87 | 88 | IbPassword= 89 | 90 | 91 | # FIX CTCI Authentication Settings 92 | # -------------------------------- 93 | 94 | # Your FIX CTCI username: 95 | 96 | FIXLoginId= 97 | 98 | 99 | # Your FIX CTCI password: 100 | 101 | FIXPassword= 102 | 103 | 104 | # Second Factor Authentication Settings 105 | # ------------------------------------- 106 | 107 | # If you have enabled more than one second factor authentication 108 | # device, TWS presents a list from which you must select the device 109 | # you want to use for this login. You can use this setting to 110 | # instruct IBC to select a particular item in the list on your 111 | # behalf. Note that you must spell this value exactly as it appears 112 | # in the list. If no value is set, you must manually select the 113 | # relevant list entry. 114 | 115 | SecondFactorDevice= 116 | 117 | 118 | # If you use the IBKR Mobile app for second factor authentication, 119 | # and you fail to complete the process before the time limit imposed 120 | # by IBKR, you can use this setting to tell IBC to exit: arrangements 121 | # can then be made to automatically restart IBC in order to initiate 122 | # the login sequence afresh. Otherwise, manual intervention at TWS's 123 | # Second Factor Authentication dialog is needed to complete the 124 | # login. 125 | # 126 | # Permitted values are 'yes' and 'no'. The default is 'no'. 127 | # 128 | # Note that the scripts provided with the IBC zips for Windows and 129 | # Linux provide options to automatically restart in these 130 | # circumstances, but only if this setting is also set to 'yes'. 131 | 132 | ExitAfterSecondFactorAuthenticationTimeout=no 133 | 134 | 135 | # This setting is only relevant if 136 | # ExitAfterSecondFactorAuthenticationTimeout is set to 'yes'. 137 | # 138 | # It controls how long (in seconds) IBC waits for login to complete 139 | # after the user acknowledges the second factor authentication 140 | # alert at the IBKR Mobile app. If login has not completed after 141 | # this time, IBC terminates. 142 | # The default value is 40. 143 | 144 | SecondFactorAuthenticationExitInterval= 145 | 146 | 147 | # Trading Mode 148 | # ------------ 149 | # 150 | # TWS 955 introduced a new Trading Mode combo box on its login 151 | # dialog. This indicates whether the live account or the paper 152 | # trading account corresponding to the supplied credentials is 153 | # to be used. The allowed values are 'live' (the default) and 154 | # 'paper'. For earlier versions of TWS this setting has no 155 | # effect. 156 | 157 | TradingMode= 158 | 159 | 160 | # Paper-trading Account Warning 161 | # ----------------------------- 162 | # 163 | # Logging in to a paper-trading account results in TWS displaying 164 | # a dialog asking the user to confirm that they are aware that this 165 | # is not a brokerage account. Until this dialog has been accepted, 166 | # TWS will not allow API connections to succeed. Setting this 167 | # to 'yes' (the default) will cause IBC to automatically 168 | # confirm acceptance. Setting it to 'no' will leave the dialog 169 | # on display, and the user will have to deal with it manually. 170 | 171 | AcceptNonBrokerageAccountWarning=yes 172 | 173 | 174 | # Login Dialog Display Timeout 175 | #----------------------------- 176 | # 177 | # In some circumstances, starting TWS may result in failure to display 178 | # the login dialog. Restarting TWS may help to resolve this situation, 179 | # and IBC does this automatically. 180 | # 181 | # This setting controls how long (in seconds) IBC waits for the login 182 | # dialog to appear before restarting TWS. 183 | # 184 | # Note that in normal circumstances with a reasonably specified 185 | # computer the time to displaying the login dialog is typically less 186 | # than 20 seconds, and frequently much less. However many factors can 187 | # influence this, and it is unwise to set this value too low. 188 | # 189 | # The default value is 60. 190 | 191 | LoginDialogDisplayTimeout = 60 192 | 193 | 194 | 195 | # ============================================================================= 196 | # 3. TWS Startup Settings 197 | # ============================================================================= 198 | 199 | # Path to settings store 200 | # ---------------------- 201 | # 202 | # Path to the directory where TWS should store its settings. This is 203 | # normally the folder in which TWS is installed. However you may set 204 | # it to some other location if you wish (for example if you want to 205 | # run multiple instances of TWS with different settings). 206 | # 207 | # It is recommended for clarity that you use an absolute path. The 208 | # effect of using a relative path is undefined. 209 | # 210 | # Linux and macOS users should use the appropriate path syntax. 211 | # 212 | # Note that, for Windows users, you MUST use double separator 213 | # characters to separate the elements of the folder path: for 214 | # example, IbDir=C:\\IBLiveSettings is valid, but 215 | # IbDir=C:\IBLiveSettings is NOT valid and will give unexpected 216 | # results. Linux and macOS users need not use double separators, 217 | # but they are acceptable. 218 | # 219 | # The default is the current working directory when IBC is 220 | # started. 221 | 222 | IbDir=/root/Jts 223 | 224 | 225 | # Store settings on server 226 | # ------------------------ 227 | # 228 | # If you wish to store a copy of your TWS settings on IB's 229 | # servers as well as locally on your computer, set this to 230 | # 'yes': this enables you to run TWS on different computers 231 | # with the same configuration, market data lines, etc. If set 232 | # to 'no', running TWS on different computers will not share the 233 | # same settings. If no value is specified, TWS will obtain its 234 | # settings from the same place as the last time this user logged 235 | # in (whether manually or using IBC). 236 | 237 | StoreSettingsOnServer= 238 | 239 | 240 | # Minimize TWS on startup 241 | # ----------------------- 242 | # 243 | # Set to 'yes' to minimize TWS when it starts: 244 | 245 | MinimizeMainWindow=no 246 | 247 | 248 | # Existing Session Detected Action 249 | # -------------------------------- 250 | # 251 | # When a user logs on to an IBKR account for trading purposes by any means, the 252 | # IBKR account server checks to see whether the account is already logged in 253 | # elsewhere. If so, a dialog is displayed to both the users that enables them 254 | # to determine what happens next. The 'ExistingSessionDetectedAction' setting 255 | # instructs TWS how to proceed when it displays this dialog: 256 | # 257 | # * If the new TWS session is set to 'secondary', the existing session continues 258 | # and the new session terminates. Thus a secondary TWS session can never 259 | # override any other session. 260 | # 261 | # * If the existing TWS session is set to 'primary', the existing session 262 | # continues and the new session terminates (even if the new session is also 263 | # set to primary). Thus a primary TWS session can never be overridden by 264 | # any new session). 265 | # 266 | # * If both the existing and the new TWS sessions are set to 'primaryoverride', 267 | # the existing session terminates and the new session proceeds. 268 | # 269 | # * If the existing TWS session is set to 'manual', the user must handle the 270 | # dialog. 271 | # 272 | # The difference between 'primary' and 'primaryoverride' is that a 273 | # 'primaryoverride' session can be overriden over by a new 'primary' session, 274 | # but a 'primary' session cannot be overriden by any other session. 275 | # 276 | # When set to 'primary', if another TWS session is started and manually told to 277 | # end the 'primary' session, the 'primary' session is automatically reconnected. 278 | # 279 | # The default is 'manual'. 280 | 281 | ExistingSessionDetectedAction=primary 282 | 283 | 284 | # Override TWS API Port Number 285 | # ---------------------------- 286 | # 287 | # If OverrideTwsApiPort is set to an integer, IBC changes the 288 | # 'Socket port' in TWS's API configuration to that number shortly 289 | # after startup. Leaving the setting blank will make no change to 290 | # the current setting. This setting is only intended for use in 291 | # certain specialized situations where the port number needs to 292 | # be set dynamically at run-time: most users will never need it, 293 | # so don't use it unless you know you need it. 294 | 295 | OverrideTwsApiPort=4000 296 | 297 | 298 | # Read-only Login 299 | # --------------- 300 | # 301 | # If ReadOnlyLogin is set to 'yes', and the user is enrolled in IB's 302 | # account security programme, the user will not be asked to perform 303 | # the second factor authentication action, and login to TWS will 304 | # occur automatically in read-only mode: in this mode, placing or 305 | # managing orders is not allowed. If set to 'no', and the user is 306 | # enrolled in IB's account security programme, the user must perform 307 | # the relevant second factor authentication action to complete the 308 | # login. 309 | 310 | # If the user is not enrolled in IB's account security programme, 311 | # this setting is ignored. The default is 'no'. 312 | 313 | ReadOnlyLogin=no 314 | 315 | 316 | # Read-only API 317 | # ------------- 318 | # 319 | # If ReadOnlyApi is set to 'yes', API programs cannot submit, modify 320 | # or cancel orders. If set to 'no', API programs can do these things. 321 | # If not set, the existing TWS/Gateway configuration is unchanged. 322 | # NB: this setting is really only supplied for the benefit of new TWS 323 | # or Gateway instances that are being automatically installed and 324 | # started without user intervention (eg Docker containers). Where 325 | # a user is involved, they should use the Global Configuration to 326 | # set the relevant checkbox (this only needs to be done once) and 327 | # not provide a value for this setting. 328 | 329 | ReadOnlyApi=${READ_ONLY_API} 330 | 331 | 332 | # Market data size for US stocks - lots or shares 333 | # ----------------------------------------------- 334 | # 335 | # Since IB introduced the option of market data for US stocks showing 336 | # bid, ask and last sizes in shares rather than lots, TWS and Gateway 337 | # display a dialog immediately after login notifying the user about 338 | # this and requiring user input before allowing market data to be 339 | # accessed. The user can request that the dialog not be shown again. 340 | # 341 | # It is recommended that the user should handle this dialog manually 342 | # rather than using these settings, which are provided for situations 343 | # where the user interface is not easily accessible, or where user 344 | # settings are not preserved between sessions (eg some Docker images). 345 | # 346 | # - If this setting is set to 'accept', the dialog will be handled 347 | # automatically and the option to not show it again will be 348 | # selected. 349 | # 350 | # Note that in this case, the only way to allow the dialog to be 351 | # displayed again is to manually enable the 'Bid, Ask and Last 352 | # Size Display Update' message in the 'Messages' section of the TWS 353 | # configuration dialog. So you should only use 'Accept' if you are 354 | # sure you really don't want the dialog to be displayed again, or 355 | # you have easy access to the user interface. 356 | # 357 | # - If set to 'defer', the dialog will be handled automatically (so 358 | # that market data will start), but the option to not show it again 359 | # will not be selected, and it will be shown again after the next 360 | # login. 361 | # 362 | # - If set to 'ignore', the user has to deal with the dialog manually. 363 | # 364 | # The default value is 'ignore'. 365 | # 366 | # Note if set to 'accept' or 'defer', TWS also automatically sets 367 | # the API settings checkbox labelled 'Send market data in lots for 368 | # US stocks for dual-mode API clients'. IBC cannot prevent this. 369 | # However you can change this immmediately by setting 370 | # SendMarketDataInLotsForUSstocks (see below) to 'no' . 371 | 372 | AcceptBidAskLastSizeDisplayUpdateNotification=accept 373 | 374 | 375 | # This setting determines whether the API settings checkbox labelled 376 | # 'Send market data in lots for US stocks for dual-mode API clients' 377 | # is set or cleared. If set to 'yes', the checkbox is set. If set to 378 | # 'no' the checkbox is cleared. If defaulted, the checkbox is 379 | # unchanged. 380 | 381 | SendMarketDataInLotsForUSstocks= 382 | 383 | 384 | 385 | # ============================================================================= 386 | # 4. TWS Auto-Closedown 387 | # ============================================================================= 388 | # 389 | # IMPORTANT NOTE: Starting with TWS 974, this setting no longer 390 | # works properly, because IB have changed the way TWS handles its 391 | # autologoff mechanism. 392 | # 393 | # You should now configure the TWS autologoff time to something 394 | # convenient for you, and restart IBC each day. 395 | # 396 | # Alternatively, discontinue use of IBC and use the auto-relogin 397 | # mechanism within TWS 974 and later versions (note that the 398 | # auto-relogin mechanism provided by IB is not available if you 399 | # use IBC). 400 | 401 | # Set to yes or no (lower case). 402 | # 403 | # yes means allow TWS to shut down automatically at its 404 | # specified shutdown time, which is set via the TWS 405 | # configuration menu. 406 | # 407 | # no means TWS never shuts down automatically. 408 | # 409 | # NB: IB recommends that you do not keep TWS running 410 | # continuously. If you set this setting to 'no', you may 411 | # experience incorrect TWS operation. 412 | # 413 | # NB: the default for this setting is 'no'. Since this will 414 | # only work properly with TWS versions earlier than 974, you 415 | # should explicitly set this to 'yes' for version 974 and later. 416 | 417 | IbAutoClosedown=yes 418 | 419 | 420 | 421 | # ============================================================================= 422 | # 5. TWS Tidy Closedown Time 423 | # ============================================================================= 424 | # 425 | # NB: starting with TWS 974 this is no longer a useful option 426 | # because both TWS and Gateway now have the same auto-logoff 427 | # mechanism, and IBC can no longer avoid this. 428 | # 429 | # Note that giving this setting a value does not change TWS's 430 | # auto-logoff in any way: any setting will be additional to the 431 | # TWS auto-logoff. 432 | # 433 | # To tell IBC to tidily close TWS at a specified time every 434 | # day, set this value to , for example: 435 | # ClosedownAt=22:00 436 | # 437 | # To tell IBC to tidily close TWS at a specified day and time 438 | # each week, set this value to , for example: 439 | # ClosedownAt=Friday 22:00 440 | # 441 | # Note that the day of the week must be specified using your 442 | # default locale. Also note that Java will only accept 443 | # characters encoded to ISO 8859-1 (Latin-1). This means that 444 | # if the day name in your default locale uses any non-Latin-1 445 | # characters you need to encode them using Unicode escapes 446 | # (see http://java.sun.com/docs/books/jls/third_edition/html/lexical.html#3.3 447 | # for details). For example, to tidily close TWS at 12:00 on 448 | # Saturday where the default locale is Simplified Chinese, 449 | # use the following: 450 | # #ClosedownAt=\u661F\u671F\u516D 12:00 451 | 452 | ClosedownAt= 453 | 454 | 455 | 456 | # ============================================================================= 457 | # 6. Other TWS Settings 458 | # ============================================================================= 459 | 460 | # Accept Incoming Connection 461 | # -------------------------- 462 | # 463 | # If set to 'accept', IBC automatically accepts incoming 464 | # API connection dialogs. If set to 'reject', IBC 465 | # automatically rejects incoming API connection dialogs. If 466 | # set to 'manual', the user must decide whether to accept or reject 467 | # incoming API connection dialogs. The default is 'manual'. 468 | # NB: it is recommended to set this to 'reject', and to explicitly 469 | # configure which IP addresses can connect to the API in TWS's API 470 | # configuration page, as this is much more secure (in this case, no 471 | # incoming API connection dialogs will occur for those IP addresses). 472 | 473 | AcceptIncomingConnectionAction=reject 474 | 475 | 476 | # Allow Blind Trading 477 | # ------------------- 478 | # 479 | # If you attempt to place an order for a contract for which 480 | # you have no market data subscription, TWS displays a dialog 481 | # to warn you against such blind trading. 482 | # 483 | # yes means the dialog is dismissed as though the user had 484 | # clicked the 'Ok' button: this means that you accept 485 | # the risk and want the order to be submitted. 486 | # 487 | # no means the dialog remains on display and must be 488 | # handled by the user. 489 | 490 | AllowBlindTrading=no 491 | 492 | 493 | # Save Settings on a Schedule 494 | # --------------------------- 495 | # 496 | # You can tell TWS to automatically save its settings on a schedule 497 | # of your choosing. You can specify one or more specific times, 498 | # like this: 499 | # 500 | # SaveTwsSettingsAt=HH:MM [ HH:MM]... 501 | # 502 | # for example: 503 | # SaveTwsSettingsAt=08:00 12:30 17:30 504 | # 505 | # Or you can specify an interval at which settings are to be saved, 506 | # optionally starting at a specific time and continuing until another 507 | # time, like this: 508 | # 509 | #SaveTwsSettingsAt=Every n [{mins | hours}] [hh:mm] [hh:mm] 510 | # 511 | # where the first hh:mm is the start time and the second is the end 512 | # time. If you don't specify the end time, settings are saved regularly 513 | # from the start time till midnight. If you don't specify the start time. 514 | # settings are saved regularly all day, beginning at 00:00. Note that 515 | # settings will always be saved at the end time, even if that is not 516 | # exactly one interval later than the previous time. If neither 'mins' 517 | # nor 'hours' is specified, 'mins' is assumed. Examples: 518 | # 519 | # To save every 30 minutes all day starting at 00:00 520 | #SaveTwsSettingsAt=Every 30 521 | #SaveTwsSettingsAt=Every 30 mins 522 | # 523 | # To save every hour starting at 08:00 and ending at midnight 524 | #SaveTwsSettingsAt=Every 1 hours 08:00 525 | #SaveTwsSettingsAt=Every 1 hours 08:00 00:00 526 | # 527 | # To save every 90 minutes starting at 08:00 up to and including 17:43 528 | #SaveTwsSettingsAt=Every 90 08:00 17:43 529 | 530 | SaveTwsSettingsAt= 531 | 532 | 533 | 534 | # ============================================================================= 535 | # 7. Settings Specific to Indian Versions of TWS 536 | # ============================================================================= 537 | 538 | # Indian versions of TWS may display a password expiry 539 | # notification dialog and a NSE Compliance dialog. These can be 540 | # dismissed by setting the following to yes. By default the 541 | # password expiry notice is not dismissed, but the NSE Compliance 542 | # notice is dismissed. 543 | 544 | # Warning: setting DismissPasswordExpiryWarning=yes will mean 545 | # you will not be notified when your password is about to expire. 546 | # You must then take other measures to ensure that your password 547 | # is changed within the expiry period, otherwise IBC will 548 | # not be able to login successfully. 549 | 550 | DismissPasswordExpiryWarning=no 551 | DismissNSEComplianceNotice=yes 552 | 553 | 554 | 555 | # ============================================================================= 556 | # 8. IBC Command Server Settings 557 | # ============================================================================= 558 | 559 | # Do NOT CHANGE THE FOLLOWING SETTINGS unless you 560 | # intend to issue commands to IBC (for example 561 | # using telnet). Note that these settings have nothing to 562 | # do with running programs that use the TWS API. 563 | 564 | # Command Server Port Number 565 | # -------------------------- 566 | # 567 | # The port number that IBC listens on for commands 568 | # such as "STOP". DO NOT set this to the port number 569 | # used for TWS API connections. There is no good reason 570 | # to change this setting unless the port is used by 571 | # some other application (typically another instance of 572 | # IBC). The default value is 0, which tells IBC not to 573 | # start the command server 574 | 575 | #CommandServerPort=7462 576 | 577 | 578 | # Permitted Command Sources 579 | # ------------------------- 580 | # 581 | # A comma separated list of IP addresses, or host names, 582 | # which are allowed addresses for sending commands to 583 | # IBC. Commands can always be sent from the 584 | # same host as IBC is running on. 585 | 586 | ControlFrom= 587 | 588 | 589 | # Address for Receiving Commands 590 | # ------------------------------ 591 | # 592 | # Specifies the IP address on which the Command Server 593 | # is to listen. For a multi-homed host, this can be used 594 | # to specify that connection requests are only to be 595 | # accepted on the specified address. The default is to 596 | # accept connection requests on all local addresses. 597 | 598 | BindAddress= 599 | 600 | 601 | # Command Prompt 602 | # -------------- 603 | # 604 | # The specified string is output by the server when 605 | # the connection is first opened and after the completion 606 | # of each command. This can be useful if sending commands 607 | # using an interactive program such as telnet. The default 608 | # is that no prompt is output. 609 | # For example: 610 | # 611 | # CommandPrompt=> 612 | 613 | CommandPrompt= 614 | 615 | 616 | # Suppress Command Server Info Messages 617 | # ------------------------------------- 618 | # 619 | # Some commands can return intermediate information about 620 | # their progress. This setting controls whether such 621 | # information is sent. The default is that such information 622 | # is not sent. 623 | 624 | SuppressInfoMessages=yes 625 | 626 | 627 | 628 | # ============================================================================= 629 | # 9. Diagnostic Settings 630 | # ============================================================================= 631 | # 632 | # IBC can log information about the structure of windows 633 | # displayed by TWS. This information is useful when adding 634 | # new features to IBC or when behaviour is not as expected. 635 | # 636 | # The logged information shows the hierarchical organisation 637 | # of all the components of the window, and includes the 638 | # current values of text boxes and labels. 639 | # 640 | # Note that this structure logging has a small performance 641 | # impact, and depending on the settings can cause the logfile 642 | # size to be significantly increased. It is therefore 643 | # recommended that the LogStructureWhen setting be set to 644 | # 'never' (the default) unless there is a specific reason 645 | # that this information is needed. 646 | 647 | 648 | # Scope of Structure Logging 649 | # -------------------------- 650 | # 651 | # The LogStructureScope setting indicates which windows are 652 | # eligible for structure logging: 653 | # 654 | # - if set to 'known', only windows that IBC recognizes 655 | # are eligible - these are windows that IBC has some 656 | # interest in monitoring, usually to take some action 657 | # on the user's behalf; 658 | # 659 | # - if set to 'unknown', only windows that IBC does not 660 | # recognize are eligible. Most windows displayed by 661 | # TWS fall into this category; 662 | # 663 | # - if set to 'untitled', only windows that IBC does not 664 | # recognize and that have no title are eligible. These 665 | # are usually message boxes or similar small windows, 666 | # 667 | # - if set to 'all', then every window displayed by TWS 668 | # is eligible. 669 | # 670 | # The default value is 'known'. 671 | 672 | LogStructureScope=known 673 | 674 | 675 | # When to Log Window Structure 676 | # ---------------------------- 677 | # 678 | # The LogStructureWhen setting specifies the circumstances 679 | # when eligible TWS windows have their structure logged: 680 | # 681 | # - if set to 'open' or 'yes' or 'true', IBC logs the 682 | # structure of an eligible window the first time it 683 | # is encountered; 684 | # 685 | # - if set to 'activate', the structure is logged every 686 | # time an eligible window is made active; 687 | # 688 | # - if set to 'never' or 'no' or 'false', structure 689 | # information is never logged. 690 | # 691 | # The default value is 'never'. 692 | 693 | LogStructureWhen=never 694 | 695 | 696 | # DEPRECATED SETTING 697 | # ------------------ 698 | # 699 | # LogComponents - THIS SETTING WILL BE REMOVED IN A FUTURE 700 | # RELEASE 701 | # 702 | # If LogComponents is set to any value, this is equivalent 703 | # to setting LogStructureWhen to that same value and 704 | # LogStructureScope to 'all': the actual values of those 705 | # settings are ignored. The default is that the values 706 | # of LogStructureScope and LogStructureWhen are honoured. 707 | 708 | #LogComponents= 709 | 710 | 711 | -------------------------------------------------------------------------------- /latest/config/ibgateway/jts.ini: -------------------------------------------------------------------------------- 1 | [IBGateway] 2 | WriteDebug=false 3 | TrustedIPs=127.0.0.1 4 | ApiOnly=true 5 | 6 | [Logon] 7 | Locale=en 8 | TimeZone=Etc/UTC 9 | displayedproxymsg=1 10 | UseSSL=true 11 | s3store=true 12 | 13 | [Communication] 14 | -------------------------------------------------------------------------------- /latest/scripts/fork_ports_delayed.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sleep 30 4 | 5 | if [ "$TRADING_MODE" = "paper" ]; then 6 | printf "Forking :::4000 onto 0.0.0.0:4002\n" 7 | socat TCP-LISTEN:4002,fork TCP:127.0.0.1:4000 8 | else 9 | printf "Forking :::4000 onto 0.0.0.0:4001\n" 10 | socat TCP-LISTEN:4001,fork TCP:127.0.0.1:4000 11 | fi 12 | -------------------------------------------------------------------------------- /latest/scripts/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | export DISPLAY=:1 4 | 5 | rm -f /tmp/.X1-lock 6 | Xvfb :1 -ac -screen 0 1024x768x16 & 7 | 8 | if [ -n "$VNC_SERVER_PASSWORD" ]; then 9 | echo "Starting VNC server" 10 | /root/scripts/run_x11_vnc.sh & 11 | fi 12 | 13 | envsubst < "${IBC_INI}.tmpl" > "${IBC_INI}" 14 | 15 | /root/scripts/fork_ports_delayed.sh & 16 | 17 | /root/ibc/scripts/ibcstart.sh "${TWS_MAJOR_VRSN}" -g \ 18 | "--tws-path=${TWS_PATH}" \ 19 | "--ibc-path=${IBC_PATH}" "--ibc-ini=${IBC_INI}" \ 20 | "--user=${TWS_USERID}" "--pw=${TWS_PASSWORD}" "--mode=${TRADING_MODE}" \ 21 | "--on2fatimeout=${TWOFA_TIMEOUT_ACTION}" 22 | -------------------------------------------------------------------------------- /latest/scripts/run_x11_vnc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x11vnc -ncache_cr -display :1 -forever -shared -logappend /var/log/x11vnc.log -bg -noipv6 -passwd "$VNC_SERVER_PASSWORD" 4 | -------------------------------------------------------------------------------- /logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/UnusualAlpha/ib-gateway-docker/b9017e3618949a238e46cd917e1d1ebb206ce1d9/logo.png -------------------------------------------------------------------------------- /stable/Dockerfile: -------------------------------------------------------------------------------- 1 | 2 | # 3 | # Setup Stage: install apps 4 | # 5 | # This is a dedicated stage so that donwload archives don't end up on 6 | # production image and consume unnecessary space. 7 | # 8 | 9 | FROM ubuntu:22.04 as setup 10 | 11 | ENV IB_GATEWAY_VERSION=10.19.1j 12 | ENV IB_GATEWAY_RELEASE_CHANNEL=stable 13 | ENV IBC_VERSION=3.15.2 14 | 15 | # Prepare system 16 | RUN apt-get update -y 17 | RUN apt-get install --no-install-recommends --yes \ 18 | curl \ 19 | ca-certificates \ 20 | unzip 21 | 22 | WORKDIR /tmp/setup 23 | 24 | # Install IB Gateway 25 | # Use this instead of "RUN curl .." to install a local file: 26 | #COPY ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh . 27 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/releases/download/ibgateway-${IB_GATEWAY_RELEASE_CHANNEL}%40${IB_GATEWAY_VERSION}/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh \ 28 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 29 | RUN curl -sSL https://github.com/UnusualAlpha/ib-gateway-docker/releases/download/ibgateway-${IB_GATEWAY_RELEASE_CHANNEL}%40${IB_GATEWAY_VERSION}/ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 \ 30 | --output ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 31 | RUN sha256sum --check ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh.sha256 32 | RUN chmod a+x ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh 33 | RUN ./ibgateway-${IB_GATEWAY_VERSION}-standalone-linux-x64.sh -q -dir /root/Jts/ibgateway/${IB_GATEWAY_VERSION} 34 | COPY ./config/ibgateway/jts.ini /root/Jts/jts.ini 35 | 36 | # Install IBC 37 | RUN curl -sSL https://github.com/IbcAlpha/IBC/releases/download/${IBC_VERSION}/IBCLinux-${IBC_VERSION}.zip --output IBCLinux-${IBC_VERSION}.zip 38 | RUN mkdir /root/ibc 39 | RUN unzip ./IBCLinux-${IBC_VERSION}.zip -d /root/ibc 40 | RUN chmod -R u+x /root/ibc/*.sh 41 | RUN chmod -R u+x /root/ibc/scripts/*.sh 42 | COPY ./config/ibc/config.ini.tmpl /root/ibc/config.ini.tmpl 43 | 44 | # Copy scripts 45 | COPY ./scripts /root/scripts 46 | 47 | # 48 | # Build Stage: build production image 49 | # 50 | 51 | FROM ubuntu:22.04 52 | 53 | ENV IB_GATEWAY_VERSION=10.19.1j 54 | 55 | WORKDIR /root 56 | 57 | # Prepare system 58 | RUN apt-get update -y 59 | RUN apt-get install --no-install-recommends --yes \ 60 | gettext \ 61 | xvfb \ 62 | libxslt-dev \ 63 | libxrender1 \ 64 | libxtst6 \ 65 | libxi6 \ 66 | libgtk2.0-bin \ 67 | socat \ 68 | x11vnc 69 | 70 | # Copy files 71 | COPY --from=setup /root/ . 72 | RUN chmod a+x /root/scripts/*.sh 73 | COPY --from=setup /usr/local/i4j_jres/ /usr/local/i4j_jres 74 | 75 | # IBC env vars 76 | ENV TWS_MAJOR_VRSN ${IB_GATEWAY_VERSION} 77 | ENV TWS_PATH /root/Jts 78 | ENV IBC_PATH /root/ibc 79 | ENV IBC_INI /root/ibc/config.ini 80 | ENV TWOFA_TIMEOUT_ACTION exit 81 | 82 | # Start run script 83 | CMD ["/root/scripts/run.sh"] 84 | -------------------------------------------------------------------------------- /stable/config/ibc/config.ini.tmpl: -------------------------------------------------------------------------------- 1 | # Note that in the comments in this file, TWS refers to both the Trader 2 | # Workstation and the IB Gateway, unless explicitly stated otherwise. 3 | # 4 | # When referred to below, the default value for a setting is the value 5 | # assumed if either the setting is included but no value is specified, or 6 | # the setting is not included at all. 7 | # 8 | # IBC may also be used to start the FIX CTCI Gateway. All settings 9 | # relating to this have names prefixed with FIX. 10 | # 11 | # The IB API Gateway and the FIX CTCI Gateway share the same code. Which 12 | # gateway actually runs is governed by an option on the initial gateway 13 | # login screen. The FIX setting described under IBC Startup 14 | # Settings below controls this. 15 | 16 | 17 | 18 | # ============================================================================= 19 | # 1. IBC Startup Settings 20 | # ============================================================================= 21 | 22 | 23 | # IBC may be used to start the IB Gateway for the FIX CTCI. This 24 | # setting must be set to 'yes' if you want to run the FIX CTCI gateway. The 25 | # default is 'no'. 26 | 27 | FIX=no 28 | 29 | 30 | 31 | # ============================================================================= 32 | # 2. Authentication Settings 33 | # ============================================================================= 34 | 35 | # TWS and the IB API gateway require a single username and password. 36 | # You may specify the username and password using the following settings: 37 | # 38 | # IbLoginId 39 | # IbPassword 40 | # 41 | # Alternatively, you can specify the username and password in the command 42 | # files used to start TWS or the Gateway, but this is not recommended for 43 | # security reasons. 44 | # 45 | # If you don't specify them, you will be prompted for them in the usual 46 | # login dialog when TWS starts (but whatever you have specified will be 47 | # included in the dialog automatically: for example you may specify the 48 | # username but not the password, and then you will be prompted for the 49 | # password via the login dialog). Note that if you specify either 50 | # the username or the password (or both) in the command file, then 51 | # IbLoginId and IbPassword settings defined in this file are ignored. 52 | # 53 | # 54 | # The FIX CTCI gateway requires one username and password for FIX order 55 | # routing, and optionally a separate username and password for market 56 | # data connections. You may specify the usernames and passwords using 57 | # the following settings: 58 | # 59 | # FIXLoginId 60 | # FIXPassword 61 | # IbLoginId (optional - for market data connections) 62 | # IbPassword (optional - for market data connections) 63 | # 64 | # Alternatively you can specify the FIX username and password in the 65 | # command file used to start the FIX CTCI Gateway, but this is not 66 | # recommended for security reasons. 67 | # 68 | # If you don't specify them, you will be prompted for them in the usual 69 | # login dialog when FIX CTCI gateway starts (but whatever you have 70 | # specified will be included in the dialog automatically: for example 71 | # you may specify the usernames but not the passwords, and then you will 72 | # be prompted for the passwords via the login dialog). Note that if you 73 | # specify either the FIX username or the FIX password (or both) on the 74 | # command line, then FIXLoginId and FIXPassword settings defined in this 75 | # file are ignored; he same applies to the market data username and 76 | # password. 77 | 78 | # IB API Authentication Settings 79 | # ------------------------------ 80 | 81 | # Your TWS username: 82 | 83 | IbLoginId= 84 | 85 | 86 | # Your TWS password: 87 | 88 | IbPassword= 89 | 90 | 91 | # FIX CTCI Authentication Settings 92 | # -------------------------------- 93 | 94 | # Your FIX CTCI username: 95 | 96 | FIXLoginId= 97 | 98 | 99 | # Your FIX CTCI password: 100 | 101 | FIXPassword= 102 | 103 | 104 | # Second Factor Authentication Settings 105 | # ------------------------------------- 106 | 107 | # If you have enabled more than one second factor authentication 108 | # device, TWS presents a list from which you must select the device 109 | # you want to use for this login. You can use this setting to 110 | # instruct IBC to select a particular item in the list on your 111 | # behalf. Note that you must spell this value exactly as it appears 112 | # in the list. If no value is set, you must manually select the 113 | # relevant list entry. 114 | 115 | SecondFactorDevice= 116 | 117 | 118 | # If you use the IBKR Mobile app for second factor authentication, 119 | # and you fail to complete the process before the time limit imposed 120 | # by IBKR, you can use this setting to tell IBC to exit: arrangements 121 | # can then be made to automatically restart IBC in order to initiate 122 | # the login sequence afresh. Otherwise, manual intervention at TWS's 123 | # Second Factor Authentication dialog is needed to complete the 124 | # login. 125 | # 126 | # Permitted values are 'yes' and 'no'. The default is 'no'. 127 | # 128 | # Note that the scripts provided with the IBC zips for Windows and 129 | # Linux provide options to automatically restart in these 130 | # circumstances, but only if this setting is also set to 'yes'. 131 | 132 | ExitAfterSecondFactorAuthenticationTimeout=no 133 | 134 | 135 | # This setting is only relevant if 136 | # ExitAfterSecondFactorAuthenticationTimeout is set to 'yes'. 137 | # 138 | # It controls how long (in seconds) IBC waits for login to complete 139 | # after the user acknowledges the second factor authentication 140 | # alert at the IBKR Mobile app. If login has not completed after 141 | # this time, IBC terminates. 142 | # The default value is 40. 143 | 144 | SecondFactorAuthenticationExitInterval= 145 | 146 | 147 | # Trading Mode 148 | # ------------ 149 | # 150 | # TWS 955 introduced a new Trading Mode combo box on its login 151 | # dialog. This indicates whether the live account or the paper 152 | # trading account corresponding to the supplied credentials is 153 | # to be used. The allowed values are 'live' (the default) and 154 | # 'paper'. For earlier versions of TWS this setting has no 155 | # effect. 156 | 157 | TradingMode= 158 | 159 | 160 | # Paper-trading Account Warning 161 | # ----------------------------- 162 | # 163 | # Logging in to a paper-trading account results in TWS displaying 164 | # a dialog asking the user to confirm that they are aware that this 165 | # is not a brokerage account. Until this dialog has been accepted, 166 | # TWS will not allow API connections to succeed. Setting this 167 | # to 'yes' (the default) will cause IBC to automatically 168 | # confirm acceptance. Setting it to 'no' will leave the dialog 169 | # on display, and the user will have to deal with it manually. 170 | 171 | AcceptNonBrokerageAccountWarning=yes 172 | 173 | 174 | # Login Dialog Display Timeout 175 | #----------------------------- 176 | # 177 | # In some circumstances, starting TWS may result in failure to display 178 | # the login dialog. Restarting TWS may help to resolve this situation, 179 | # and IBC does this automatically. 180 | # 181 | # This setting controls how long (in seconds) IBC waits for the login 182 | # dialog to appear before restarting TWS. 183 | # 184 | # Note that in normal circumstances with a reasonably specified 185 | # computer the time to displaying the login dialog is typically less 186 | # than 20 seconds, and frequently much less. However many factors can 187 | # influence this, and it is unwise to set this value too low. 188 | # 189 | # The default value is 60. 190 | 191 | LoginDialogDisplayTimeout = 60 192 | 193 | 194 | 195 | # ============================================================================= 196 | # 3. TWS Startup Settings 197 | # ============================================================================= 198 | 199 | # Path to settings store 200 | # ---------------------- 201 | # 202 | # Path to the directory where TWS should store its settings. This is 203 | # normally the folder in which TWS is installed. However you may set 204 | # it to some other location if you wish (for example if you want to 205 | # run multiple instances of TWS with different settings). 206 | # 207 | # It is recommended for clarity that you use an absolute path. The 208 | # effect of using a relative path is undefined. 209 | # 210 | # Linux and macOS users should use the appropriate path syntax. 211 | # 212 | # Note that, for Windows users, you MUST use double separator 213 | # characters to separate the elements of the folder path: for 214 | # example, IbDir=C:\\IBLiveSettings is valid, but 215 | # IbDir=C:\IBLiveSettings is NOT valid and will give unexpected 216 | # results. Linux and macOS users need not use double separators, 217 | # but they are acceptable. 218 | # 219 | # The default is the current working directory when IBC is 220 | # started. 221 | 222 | IbDir=/root/Jts 223 | 224 | 225 | # Store settings on server 226 | # ------------------------ 227 | # 228 | # If you wish to store a copy of your TWS settings on IB's 229 | # servers as well as locally on your computer, set this to 230 | # 'yes': this enables you to run TWS on different computers 231 | # with the same configuration, market data lines, etc. If set 232 | # to 'no', running TWS on different computers will not share the 233 | # same settings. If no value is specified, TWS will obtain its 234 | # settings from the same place as the last time this user logged 235 | # in (whether manually or using IBC). 236 | 237 | StoreSettingsOnServer= 238 | 239 | 240 | # Minimize TWS on startup 241 | # ----------------------- 242 | # 243 | # Set to 'yes' to minimize TWS when it starts: 244 | 245 | MinimizeMainWindow=no 246 | 247 | 248 | # Existing Session Detected Action 249 | # -------------------------------- 250 | # 251 | # When a user logs on to an IBKR account for trading purposes by any means, the 252 | # IBKR account server checks to see whether the account is already logged in 253 | # elsewhere. If so, a dialog is displayed to both the users that enables them 254 | # to determine what happens next. The 'ExistingSessionDetectedAction' setting 255 | # instructs TWS how to proceed when it displays this dialog: 256 | # 257 | # * If the new TWS session is set to 'secondary', the existing session continues 258 | # and the new session terminates. Thus a secondary TWS session can never 259 | # override any other session. 260 | # 261 | # * If the existing TWS session is set to 'primary', the existing session 262 | # continues and the new session terminates (even if the new session is also 263 | # set to primary). Thus a primary TWS session can never be overridden by 264 | # any new session). 265 | # 266 | # * If both the existing and the new TWS sessions are set to 'primaryoverride', 267 | # the existing session terminates and the new session proceeds. 268 | # 269 | # * If the existing TWS session is set to 'manual', the user must handle the 270 | # dialog. 271 | # 272 | # The difference between 'primary' and 'primaryoverride' is that a 273 | # 'primaryoverride' session can be overriden over by a new 'primary' session, 274 | # but a 'primary' session cannot be overriden by any other session. 275 | # 276 | # When set to 'primary', if another TWS session is started and manually told to 277 | # end the 'primary' session, the 'primary' session is automatically reconnected. 278 | # 279 | # The default is 'manual'. 280 | 281 | ExistingSessionDetectedAction=primary 282 | 283 | 284 | # Override TWS API Port Number 285 | # ---------------------------- 286 | # 287 | # If OverrideTwsApiPort is set to an integer, IBC changes the 288 | # 'Socket port' in TWS's API configuration to that number shortly 289 | # after startup. Leaving the setting blank will make no change to 290 | # the current setting. This setting is only intended for use in 291 | # certain specialized situations where the port number needs to 292 | # be set dynamically at run-time: most users will never need it, 293 | # so don't use it unless you know you need it. 294 | 295 | OverrideTwsApiPort=4000 296 | 297 | 298 | # Read-only Login 299 | # --------------- 300 | # 301 | # If ReadOnlyLogin is set to 'yes', and the user is enrolled in IB's 302 | # account security programme, the user will not be asked to perform 303 | # the second factor authentication action, and login to TWS will 304 | # occur automatically in read-only mode: in this mode, placing or 305 | # managing orders is not allowed. If set to 'no', and the user is 306 | # enrolled in IB's account security programme, the user must perform 307 | # the relevant second factor authentication action to complete the 308 | # login. 309 | 310 | # If the user is not enrolled in IB's account security programme, 311 | # this setting is ignored. The default is 'no'. 312 | 313 | ReadOnlyLogin=no 314 | 315 | 316 | # Read-only API 317 | # ------------- 318 | # 319 | # If ReadOnlyApi is set to 'yes', API programs cannot submit, modify 320 | # or cancel orders. If set to 'no', API programs can do these things. 321 | # If not set, the existing TWS/Gateway configuration is unchanged. 322 | # NB: this setting is really only supplied for the benefit of new TWS 323 | # or Gateway instances that are being automatically installed and 324 | # started without user intervention (eg Docker containers). Where 325 | # a user is involved, they should use the Global Configuration to 326 | # set the relevant checkbox (this only needs to be done once) and 327 | # not provide a value for this setting. 328 | 329 | ReadOnlyApi=${READ_ONLY_API} 330 | 331 | 332 | # Market data size for US stocks - lots or shares 333 | # ----------------------------------------------- 334 | # 335 | # Since IB introduced the option of market data for US stocks showing 336 | # bid, ask and last sizes in shares rather than lots, TWS and Gateway 337 | # display a dialog immediately after login notifying the user about 338 | # this and requiring user input before allowing market data to be 339 | # accessed. The user can request that the dialog not be shown again. 340 | # 341 | # It is recommended that the user should handle this dialog manually 342 | # rather than using these settings, which are provided for situations 343 | # where the user interface is not easily accessible, or where user 344 | # settings are not preserved between sessions (eg some Docker images). 345 | # 346 | # - If this setting is set to 'accept', the dialog will be handled 347 | # automatically and the option to not show it again will be 348 | # selected. 349 | # 350 | # Note that in this case, the only way to allow the dialog to be 351 | # displayed again is to manually enable the 'Bid, Ask and Last 352 | # Size Display Update' message in the 'Messages' section of the TWS 353 | # configuration dialog. So you should only use 'Accept' if you are 354 | # sure you really don't want the dialog to be displayed again, or 355 | # you have easy access to the user interface. 356 | # 357 | # - If set to 'defer', the dialog will be handled automatically (so 358 | # that market data will start), but the option to not show it again 359 | # will not be selected, and it will be shown again after the next 360 | # login. 361 | # 362 | # - If set to 'ignore', the user has to deal with the dialog manually. 363 | # 364 | # The default value is 'ignore'. 365 | # 366 | # Note if set to 'accept' or 'defer', TWS also automatically sets 367 | # the API settings checkbox labelled 'Send market data in lots for 368 | # US stocks for dual-mode API clients'. IBC cannot prevent this. 369 | # However you can change this immmediately by setting 370 | # SendMarketDataInLotsForUSstocks (see below) to 'no' . 371 | 372 | AcceptBidAskLastSizeDisplayUpdateNotification=accept 373 | 374 | 375 | # This setting determines whether the API settings checkbox labelled 376 | # 'Send market data in lots for US stocks for dual-mode API clients' 377 | # is set or cleared. If set to 'yes', the checkbox is set. If set to 378 | # 'no' the checkbox is cleared. If defaulted, the checkbox is 379 | # unchanged. 380 | 381 | SendMarketDataInLotsForUSstocks= 382 | 383 | 384 | 385 | # ============================================================================= 386 | # 4. TWS Auto-Closedown 387 | # ============================================================================= 388 | # 389 | # IMPORTANT NOTE: Starting with TWS 974, this setting no longer 390 | # works properly, because IB have changed the way TWS handles its 391 | # autologoff mechanism. 392 | # 393 | # You should now configure the TWS autologoff time to something 394 | # convenient for you, and restart IBC each day. 395 | # 396 | # Alternatively, discontinue use of IBC and use the auto-relogin 397 | # mechanism within TWS 974 and later versions (note that the 398 | # auto-relogin mechanism provided by IB is not available if you 399 | # use IBC). 400 | 401 | # Set to yes or no (lower case). 402 | # 403 | # yes means allow TWS to shut down automatically at its 404 | # specified shutdown time, which is set via the TWS 405 | # configuration menu. 406 | # 407 | # no means TWS never shuts down automatically. 408 | # 409 | # NB: IB recommends that you do not keep TWS running 410 | # continuously. If you set this setting to 'no', you may 411 | # experience incorrect TWS operation. 412 | # 413 | # NB: the default for this setting is 'no'. Since this will 414 | # only work properly with TWS versions earlier than 974, you 415 | # should explicitly set this to 'yes' for version 974 and later. 416 | 417 | IbAutoClosedown=yes 418 | 419 | 420 | 421 | # ============================================================================= 422 | # 5. TWS Tidy Closedown Time 423 | # ============================================================================= 424 | # 425 | # NB: starting with TWS 974 this is no longer a useful option 426 | # because both TWS and Gateway now have the same auto-logoff 427 | # mechanism, and IBC can no longer avoid this. 428 | # 429 | # Note that giving this setting a value does not change TWS's 430 | # auto-logoff in any way: any setting will be additional to the 431 | # TWS auto-logoff. 432 | # 433 | # To tell IBC to tidily close TWS at a specified time every 434 | # day, set this value to , for example: 435 | # ClosedownAt=22:00 436 | # 437 | # To tell IBC to tidily close TWS at a specified day and time 438 | # each week, set this value to , for example: 439 | # ClosedownAt=Friday 22:00 440 | # 441 | # Note that the day of the week must be specified using your 442 | # default locale. Also note that Java will only accept 443 | # characters encoded to ISO 8859-1 (Latin-1). This means that 444 | # if the day name in your default locale uses any non-Latin-1 445 | # characters you need to encode them using Unicode escapes 446 | # (see http://java.sun.com/docs/books/jls/third_edition/html/lexical.html#3.3 447 | # for details). For example, to tidily close TWS at 12:00 on 448 | # Saturday where the default locale is Simplified Chinese, 449 | # use the following: 450 | # #ClosedownAt=\u661F\u671F\u516D 12:00 451 | 452 | ClosedownAt= 453 | 454 | 455 | 456 | # ============================================================================= 457 | # 6. Other TWS Settings 458 | # ============================================================================= 459 | 460 | # Accept Incoming Connection 461 | # -------------------------- 462 | # 463 | # If set to 'accept', IBC automatically accepts incoming 464 | # API connection dialogs. If set to 'reject', IBC 465 | # automatically rejects incoming API connection dialogs. If 466 | # set to 'manual', the user must decide whether to accept or reject 467 | # incoming API connection dialogs. The default is 'manual'. 468 | # NB: it is recommended to set this to 'reject', and to explicitly 469 | # configure which IP addresses can connect to the API in TWS's API 470 | # configuration page, as this is much more secure (in this case, no 471 | # incoming API connection dialogs will occur for those IP addresses). 472 | 473 | AcceptIncomingConnectionAction=reject 474 | 475 | 476 | # Allow Blind Trading 477 | # ------------------- 478 | # 479 | # If you attempt to place an order for a contract for which 480 | # you have no market data subscription, TWS displays a dialog 481 | # to warn you against such blind trading. 482 | # 483 | # yes means the dialog is dismissed as though the user had 484 | # clicked the 'Ok' button: this means that you accept 485 | # the risk and want the order to be submitted. 486 | # 487 | # no means the dialog remains on display and must be 488 | # handled by the user. 489 | 490 | AllowBlindTrading=no 491 | 492 | 493 | # Save Settings on a Schedule 494 | # --------------------------- 495 | # 496 | # You can tell TWS to automatically save its settings on a schedule 497 | # of your choosing. You can specify one or more specific times, 498 | # like this: 499 | # 500 | # SaveTwsSettingsAt=HH:MM [ HH:MM]... 501 | # 502 | # for example: 503 | # SaveTwsSettingsAt=08:00 12:30 17:30 504 | # 505 | # Or you can specify an interval at which settings are to be saved, 506 | # optionally starting at a specific time and continuing until another 507 | # time, like this: 508 | # 509 | #SaveTwsSettingsAt=Every n [{mins | hours}] [hh:mm] [hh:mm] 510 | # 511 | # where the first hh:mm is the start time and the second is the end 512 | # time. If you don't specify the end time, settings are saved regularly 513 | # from the start time till midnight. If you don't specify the start time. 514 | # settings are saved regularly all day, beginning at 00:00. Note that 515 | # settings will always be saved at the end time, even if that is not 516 | # exactly one interval later than the previous time. If neither 'mins' 517 | # nor 'hours' is specified, 'mins' is assumed. Examples: 518 | # 519 | # To save every 30 minutes all day starting at 00:00 520 | #SaveTwsSettingsAt=Every 30 521 | #SaveTwsSettingsAt=Every 30 mins 522 | # 523 | # To save every hour starting at 08:00 and ending at midnight 524 | #SaveTwsSettingsAt=Every 1 hours 08:00 525 | #SaveTwsSettingsAt=Every 1 hours 08:00 00:00 526 | # 527 | # To save every 90 minutes starting at 08:00 up to and including 17:43 528 | #SaveTwsSettingsAt=Every 90 08:00 17:43 529 | 530 | SaveTwsSettingsAt= 531 | 532 | 533 | 534 | # ============================================================================= 535 | # 7. Settings Specific to Indian Versions of TWS 536 | # ============================================================================= 537 | 538 | # Indian versions of TWS may display a password expiry 539 | # notification dialog and a NSE Compliance dialog. These can be 540 | # dismissed by setting the following to yes. By default the 541 | # password expiry notice is not dismissed, but the NSE Compliance 542 | # notice is dismissed. 543 | 544 | # Warning: setting DismissPasswordExpiryWarning=yes will mean 545 | # you will not be notified when your password is about to expire. 546 | # You must then take other measures to ensure that your password 547 | # is changed within the expiry period, otherwise IBC will 548 | # not be able to login successfully. 549 | 550 | DismissPasswordExpiryWarning=no 551 | DismissNSEComplianceNotice=yes 552 | 553 | 554 | 555 | # ============================================================================= 556 | # 8. IBC Command Server Settings 557 | # ============================================================================= 558 | 559 | # Do NOT CHANGE THE FOLLOWING SETTINGS unless you 560 | # intend to issue commands to IBC (for example 561 | # using telnet). Note that these settings have nothing to 562 | # do with running programs that use the TWS API. 563 | 564 | # Command Server Port Number 565 | # -------------------------- 566 | # 567 | # The port number that IBC listens on for commands 568 | # such as "STOP". DO NOT set this to the port number 569 | # used for TWS API connections. There is no good reason 570 | # to change this setting unless the port is used by 571 | # some other application (typically another instance of 572 | # IBC). The default value is 0, which tells IBC not to 573 | # start the command server 574 | 575 | #CommandServerPort=7462 576 | 577 | 578 | # Permitted Command Sources 579 | # ------------------------- 580 | # 581 | # A comma separated list of IP addresses, or host names, 582 | # which are allowed addresses for sending commands to 583 | # IBC. Commands can always be sent from the 584 | # same host as IBC is running on. 585 | 586 | ControlFrom= 587 | 588 | 589 | # Address for Receiving Commands 590 | # ------------------------------ 591 | # 592 | # Specifies the IP address on which the Command Server 593 | # is to listen. For a multi-homed host, this can be used 594 | # to specify that connection requests are only to be 595 | # accepted on the specified address. The default is to 596 | # accept connection requests on all local addresses. 597 | 598 | BindAddress= 599 | 600 | 601 | # Command Prompt 602 | # -------------- 603 | # 604 | # The specified string is output by the server when 605 | # the connection is first opened and after the completion 606 | # of each command. This can be useful if sending commands 607 | # using an interactive program such as telnet. The default 608 | # is that no prompt is output. 609 | # For example: 610 | # 611 | # CommandPrompt=> 612 | 613 | CommandPrompt= 614 | 615 | 616 | # Suppress Command Server Info Messages 617 | # ------------------------------------- 618 | # 619 | # Some commands can return intermediate information about 620 | # their progress. This setting controls whether such 621 | # information is sent. The default is that such information 622 | # is not sent. 623 | 624 | SuppressInfoMessages=yes 625 | 626 | 627 | 628 | # ============================================================================= 629 | # 9. Diagnostic Settings 630 | # ============================================================================= 631 | # 632 | # IBC can log information about the structure of windows 633 | # displayed by TWS. This information is useful when adding 634 | # new features to IBC or when behaviour is not as expected. 635 | # 636 | # The logged information shows the hierarchical organisation 637 | # of all the components of the window, and includes the 638 | # current values of text boxes and labels. 639 | # 640 | # Note that this structure logging has a small performance 641 | # impact, and depending on the settings can cause the logfile 642 | # size to be significantly increased. It is therefore 643 | # recommended that the LogStructureWhen setting be set to 644 | # 'never' (the default) unless there is a specific reason 645 | # that this information is needed. 646 | 647 | 648 | # Scope of Structure Logging 649 | # -------------------------- 650 | # 651 | # The LogStructureScope setting indicates which windows are 652 | # eligible for structure logging: 653 | # 654 | # - if set to 'known', only windows that IBC recognizes 655 | # are eligible - these are windows that IBC has some 656 | # interest in monitoring, usually to take some action 657 | # on the user's behalf; 658 | # 659 | # - if set to 'unknown', only windows that IBC does not 660 | # recognize are eligible. Most windows displayed by 661 | # TWS fall into this category; 662 | # 663 | # - if set to 'untitled', only windows that IBC does not 664 | # recognize and that have no title are eligible. These 665 | # are usually message boxes or similar small windows, 666 | # 667 | # - if set to 'all', then every window displayed by TWS 668 | # is eligible. 669 | # 670 | # The default value is 'known'. 671 | 672 | LogStructureScope=known 673 | 674 | 675 | # When to Log Window Structure 676 | # ---------------------------- 677 | # 678 | # The LogStructureWhen setting specifies the circumstances 679 | # when eligible TWS windows have their structure logged: 680 | # 681 | # - if set to 'open' or 'yes' or 'true', IBC logs the 682 | # structure of an eligible window the first time it 683 | # is encountered; 684 | # 685 | # - if set to 'activate', the structure is logged every 686 | # time an eligible window is made active; 687 | # 688 | # - if set to 'never' or 'no' or 'false', structure 689 | # information is never logged. 690 | # 691 | # The default value is 'never'. 692 | 693 | LogStructureWhen=never 694 | 695 | 696 | # DEPRECATED SETTING 697 | # ------------------ 698 | # 699 | # LogComponents - THIS SETTING WILL BE REMOVED IN A FUTURE 700 | # RELEASE 701 | # 702 | # If LogComponents is set to any value, this is equivalent 703 | # to setting LogStructureWhen to that same value and 704 | # LogStructureScope to 'all': the actual values of those 705 | # settings are ignored. The default is that the values 706 | # of LogStructureScope and LogStructureWhen are honoured. 707 | 708 | #LogComponents= 709 | 710 | 711 | -------------------------------------------------------------------------------- /stable/config/ibgateway/jts.ini: -------------------------------------------------------------------------------- 1 | [IBGateway] 2 | WriteDebug=false 3 | TrustedIPs=127.0.0.1 4 | ApiOnly=true 5 | 6 | [Logon] 7 | Locale=en 8 | TimeZone=Etc/UTC 9 | displayedproxymsg=1 10 | UseSSL=true 11 | s3store=true 12 | 13 | [Communication] 14 | -------------------------------------------------------------------------------- /stable/scripts/fork_ports_delayed.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | sleep 30 4 | 5 | if [ "$TRADING_MODE" = "paper" ]; then 6 | printf "Forking :::4000 onto 0.0.0.0:4002\n" 7 | socat TCP-LISTEN:4002,fork TCP:127.0.0.1:4000 8 | else 9 | printf "Forking :::4000 onto 0.0.0.0:4001\n" 10 | socat TCP-LISTEN:4001,fork TCP:127.0.0.1:4000 11 | fi 12 | -------------------------------------------------------------------------------- /stable/scripts/run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | export DISPLAY=:1 4 | 5 | rm -f /tmp/.X1-lock 6 | Xvfb :1 -ac -screen 0 1024x768x16 & 7 | 8 | if [ -n "$VNC_SERVER_PASSWORD" ]; then 9 | echo "Starting VNC server" 10 | /root/scripts/run_x11_vnc.sh & 11 | fi 12 | 13 | envsubst < "${IBC_INI}.tmpl" > "${IBC_INI}" 14 | 15 | /root/scripts/fork_ports_delayed.sh & 16 | 17 | /root/ibc/scripts/ibcstart.sh "${TWS_MAJOR_VRSN}" -g \ 18 | "--tws-path=${TWS_PATH}" \ 19 | "--ibc-path=${IBC_PATH}" "--ibc-ini=${IBC_INI}" \ 20 | "--user=${TWS_USERID}" "--pw=${TWS_PASSWORD}" "--mode=${TRADING_MODE}" \ 21 | "--on2fatimeout=${TWOFA_TIMEOUT_ACTION}" 22 | -------------------------------------------------------------------------------- /stable/scripts/run_x11_vnc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | x11vnc -ncache_cr -display :1 -forever -shared -logappend /var/log/x11vnc.log -bg -noipv6 -passwd "$VNC_SERVER_PASSWORD" 4 | -------------------------------------------------------------------------------- /update.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -Eeuo pipefail 3 | 4 | cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")" 5 | 6 | if [ $# -ne 2 ] ; then 7 | echo "Usage: ./update.sh " 8 | exit 1 9 | fi 10 | 11 | channel=$1 12 | version=$2 13 | 14 | if [ "$channel" != "stable" ] && [ "$channel" != "latest" ]; then 15 | echo "The channel must be 'stable' or 'latest'" 16 | exit 1 17 | fi 18 | 19 | cp -r image-files/. "$channel/." 20 | rm -f "$channel/Dockerfile" 21 | VERSION="$version" CHANNEL="$channel" envsubst '$VERSION,$CHANNEL' < "Dockerfile.template" > "$channel/Dockerfile" 22 | 23 | echo "Done" --------------------------------------------------------------------------------