roq-fix-proxy

Purpose

• Proxy for FIX Bridge

• Load-balancing (horizontal scaling)

• Authentication

• Dynamic routing of order updates

Conda

• Using Conda

Install

$ mamba install \
  --channel https://roq-trading.com/conda/stable \
  roq-fix-proxy

Configure

$ cp $CONDA_PREFIX/share/roq-fix-proxy/config.toml $CONFIG_FILE_PATH

# Then modify $CONFIG_FILE_PATH to match your specific configuration

Run

$ roq-fix-proxy \
      --name "proxy-1"
      --config_file "$CONFIG_FILE_PATH" \
      --flagfile "$FLAG_FILE"

Flags

• Using Flags

$ roq-fix-proxy --help

Flags

--config_file

Config file

--name

Service name (CURRENTLY UNUSED)

--service_listen_address

Service listen address (CURRENTLY UNUSED)

--enable_order_mass_cancel (false)

Enable order mass cancel?

--disable_remove_cl_ord_id (false)

Disable removal of cl_ord_id when order reaches final state

--fix_debug (false)

Debug FIX messages?

Client

--client_listen_address

Listen address

--client_comp_id

Component name

--client_auth_method

Authentication method: (empty), hmac_sha256, hmac_sha256_ts

--client_auth_timestamp_tolerance (5s)

Timestamp tolerance used with authentication

--client_logon_timeout (5s)

Logon timeout

--client_logon_heartbeat_min (5s)

Minimum accepted client ping frequency

--client_logon_heartbeat_max (60s)

Maximum accepted client ping frequency

--client_heartbeat_freq (30s)

Heartbeat frequency

--client_decode_buffer_size (1048576)

Decode buffer size

--client_encode_buffer_size (16777216)

Encode buffer size

Server

--server_target_comp_id

Target comp id

--server_sender_comp_id

Sender comp id

--server_username

Username

--server_password

Password

--server_auth_method

Authentication method: (empty), hmac_sha256, hmac_sha256_ts

--server_decode_buffer_size (16777216)

Decode buffer size

--server_encode_buffer_size (1048576)

Encode buffer size

--server_ping_freq (30s)

Ping freq (seconds)

--server_request_timeout (500ms)

Request tiemout

--server_debug (false)

Debug

Auth

--auth_uri

Web-socket URI

--auth_decode_buffer_size (1048576)

Decode buffer size

--auth_encode_buffer_size (65536)

Encode buffer size

--auth_ping_freq (30s)

Ping freq (seconds)

Authentication

The simplest version is plain comparison on the password string.

hmac_sha256

The connecting client must compute a nonce and pass this as Logon.raw_data.

A signature is the base64 encoding of the HMAC/SHA256 digest (using a shared secret). The connecting client must pass this as Logon.password.

hmac_sha256_ts

This is the same algorithm as hmac_sha256 with the only difference being a millisecond timestamp and a period (.) being prepended to the nonce.

The server side can then extract the timestamp and validate against its own clock.