gnzsnz / ib-gateway-docker

Docker image with IB Gateway/TWS and IBC
https://github.com/users/gnzsnz/packages/container/package/ib-gateway
MIT License

Paper/live ports does not appear to be open #94

Closed qiujunda92 closed 5 months ago

qiujunda92 commented 5 months ago

Networking is not my strong point, so I do apologise upfront if this issue sounds trivial/I'm doing anything wrong. It appears that the ports were not open. While docker-compose up succeeded, I was unable to connect to IB gateway's API (via ib_async) for further downstream usage. It appears that others had similar issues in the past, and the problem was not solved.

To replicate the issue, I used the default ib gateway compose file but edited a few things. Below is my docker-compose.yml:

name: algo-trader
services:
  ib-gateway:
    restart: always
    build:
      context: ./stable
      tags:
        - "ghcr.io/gnzsnz/ib-gateway:stable"
    image: ghcr.io/gnzsnz/ib-gateway:stable
    environment:
      TWS_USERID: ib_username
      TWS_PASSWORD: ib_password
      TRADING_MODE: ${TRADING_MODE:-paper}
      TWS_SETTINGS_PATH: ${TWS_SETTINGS_PATH:-}
      READ_ONLY_API: ${READ_ONLY_API:-}
      VNC_SERVER_PASSWORD: vnc_password
      TWOFA_TIMEOUT_ACTION: ${TWOFA_TIMEOUT_ACTION:-exit}
      BYPASS_WARNING: ${BYPASS_WARNING:-}
      AUTO_RESTART_TIME: ${AUTO_RESTART_TIME:-}
      AUTO_LOGOFF_TIME: ${AUTO_LOGOFF_TIME:-}
      SAVE_TWS_SETTINGS: ${SAVE_TWS_SETTINGS:-}
      RELOGIN_AFTER_TWOFA_TIMEOUT: ${RELOGIN_AFTER_TWOFA_TIMEOUT:-no}
      TWOFA_EXIT_INTERVAL: ${TWOFA_EXIT_INTERVAL:-60}
      TIME_ZONE: ${TIME_ZONE:-Etc/UTC}
      TZ: ${TIME_ZONE:-Etc/UTC}
      CUSTOM_CONFIG: ${CUSTOM_CONFIG:-NO}
      JAVA_HEAP_SIZE: ${JAVA_HEAP_SIZE:-}
      SSH_TUNNEL: ${SSH_TUNNEL:-}
      SSH_OPTIONS: ${SSH_OPTIONS:-}
      SSH_ALIVE_INTERVAL: ${SSH_ALIVE_INTERVAL:-}
      SSH_ALIVE_COUNT: ${SSH_ALIVE_COUNT:-}
      SSH_PASSPHRASE: ${SSH_PASSPHRASE:-}
      SSH_REMOTE_PORT: ${SSH_REMOTE_PORT:-}
      SSH_USER_TUNNEL: ${SSH_USER_TUNNEL:-}
      SSH_RESTART: ${SSH_RESTART:-}
      SSH_VNC_PORT: ${SSH_VNC_PORT:-}
#    volumes:
#      - ${PWD}/jts.ini:/home/ibgateway/Jts/jts.ini
#      - ${PWD}/config.ini:/home/ibgateway/ibc/config.ini
#      - ${PWD}/tws_settings/:${TWS_SETTINGS_PATH:-/home/ibgateway/Jts}
#      - ${PWD}/ssh/:/home/ibgateway/.ssh
    ports:
      - "127.0.0.1:4002:4002" # paper
      - "127.0.0.1:4001:4001" # live
      - "127.0.0.1:5900:5900" # vnc
    secrets:
      - ib_username
      - ib_password
      - vnc_password

secrets:
   ib_username:
     file: /home/ubuntu/qtrading/creds/ib/ib_username.txt
   ib_password:
     file: /home/ubuntu/qtrading/creds/ib/ib_password.txt
   vnc_password:
     file: /home/ubuntu/qtrading/creds/ib/vnc_password.txt

I then ran docker-compose up in an EC2 instance (Ubuntu 22.04 LTS AMI, r6a.xlarge), where the container spun up successfully. Finally, I attempted telnet localhost 4002 and telnet localhost 5900, but I got a "Connection refused" error on the former. Only the latter responded correctly. (Interestingly, TightVNC couldn't find the 5900 port on the EC2 instance, so I suspect something is off there too).

I also tried this with the tws-docker-compose.yml version, but the same issue persists.

gnzsnz commented 5 months ago

secrets will NOT work.

regarding networking, you are publishing your ports on 127.0.0.1, thus you can NOT connect from the outside. This is "very secure".

Try something like

    ports:
      - "4002:4002" # paper
      - "4001:4001" # live
      - "5900:5900" # vnc

this is "VERY insecure" but you will be able to connect, if you have your firewall set up correctly. I explain the different options on the README.md

this IS NOT a BUG.
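
The difference between the two `ports:` lists in this thread can be checked mechanically before a compose file is deployed. The following is an added example, not code from the issue or from the ib-gateway-docker project: `classify_port` and `exposed` are hypothetical helper names, and the script assumes Docker's default bind address (0.0.0.0) has not been changed in the daemon configuration.

```python
import ipaddress
import re

PORT_RE = re.compile(r"^\d+(-\d+)?$")  # a single port or a range such as 4001-4002

# Port lists copied from the two compose snippets in this thread.
ISSUE_PORTS = ["127.0.0.1:4002:4002", "127.0.0.1:4001:4001", "127.0.0.1:5900:5900"]
REPLY_PORTS = ["4002:4002", "4001:4001", "5900:5900"]


def classify_port(spec: str) -> dict:
    """Parse Compose short syntax [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    body, _, proto = spec.strip().partition("/")
    host_ip = None
    if body.startswith("["):  # bracketed IPv6 host address, e.g. [::1]:5900:5900
        host_ip, _, body = body[1:].partition("]")
        body = body[1:]  # drop the ":" that follows "]"
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:
        parts = ["", parts[0]]  # no host port given: Docker assigns an ephemeral one
    if len(parts) != 2 or not PORT_RE.match(parts[1]) or (parts[0] and not PORT_RE.match(parts[0])):
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    if host_ip is None:
        scope = "all-interfaces"  # assumption: default bind address 0.0.0.0
    else:
        addr = ipaddress.ip_address(host_ip)  # raises ValueError on a malformed address
        if addr.is_loopback:
            scope = "loopback"
        elif addr.is_unspecified:
            scope = "all-interfaces"
        else:
            scope = "specific-interface"
    return {"host_ip": host_ip, "host_port": parts[0], "container_port": parts[1],
            "proto": proto or "tcp", "scope": scope}


def exposed(ports: list[str]) -> list[str]:
    """Return the mappings reachable from something other than the host's loopback."""
    return [p for p in ports if classify_port(p)["scope"] != "loopback"]


if __name__ == "__main__":
    for label, ports in (("issue", ISSUE_PORTS), ("reply", REPLY_PORTS)):
        print(label, "-> non-loopback mappings:", exposed(ports) or "none")
```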