roq-fix-proxy¶
Purpose¶
Proxy for FIX Bridge
Load-balancing (horizontal scaling)
Authentication
Dynamic routing of order updates
Conda¶
$ conda install \
--channel https://roq-trading.com/conda/stable \
roq-fix-proxy
$ cp $CONDA_PREFIX/share/roq-fix-proxy/config.toml $CONFIG_FILE_PATH
# Then modify $CONFIG_FILE_PATH to match your specific configuration
$ roq-fix-proxy \
--name "proxy-1"
--config_file "$CONFIG_FILE_PATH" \
--flagfile "$FLAG_FILE"
Flags¶
$ roq-fix-proxy --help
--config_file
Config file
--name
Service name (CURRENTLY UNUSED)
--service_listen_address
Service listen address (CURRENTLY UNUSED)
--enable_order_mass_cancel
(false
)Enable order mass cancel?
--disable_remove_cl_ord_id
(false
)Disable removal of cl_ord_id when order reaches final state
--fix_debug
(false
)Debug FIX messages?
--client_listen_address
Listen address
--client_comp_id
Component name
--client_auth_method
Authentication method: (empty), hmac_sha256, hmac_sha256_ts
--client_auth_timestamp_tolerance
(5s
)Timestamp tolerance used with authentication
--client_logon_timeout
(5s
)Logon timeout
--client_logon_heartbeat_min
(5s
)Minimum accepted client ping frequency
--client_logon_heartbeat_max
(60s
)Maximum accepted client ping frequency
--client_heartbeat_freq
(30s
)Heartbeat frequency
--client_decode_buffer_size
(1048576
)Decode buffer size
--client_encode_buffer_size
(16777216
)Encode buffer size
--server_target_comp_id
Target comp id
--server_sender_comp_id
Sender comp id
--server_username
Username
--server_password
Password
--server_auth_method
Authentication method: (empty), hmac_sha256, hmac_sha256_ts
--server_decode_buffer_size
(16777216
)Decode buffer size
--server_encode_buffer_size
(1048576
)Encode buffer size
--server_ping_freq
(30s
)Ping freq (seconds)
--server_request_timeout
(500ms
)Request tiemout
--server_debug
(false
)Debug
--auth_uri
Web-socket URI
--auth_decode_buffer_size
(1048576
)Decode buffer size
--auth_encode_buffer_size
(65536
)Encode buffer size
--auth_ping_freq
(30s
)Ping freq (seconds)
Authentication¶
The simplest version is plain comparison on the password string.
hmac_sha256
¶
The connecting client must compute a nonce and pass this as Logon.raw_data
.
A signature is the base64 encoding of the HMAC/SHA256 digest (using a shared secret).
The connecting client must pass this as Logon.password
.
hmac_sha256_ts
¶
This is the same algorithm as hmac_sha256
with the only difference being
a millisecond timestamp and a period (.
) being prepended to the nonce.
The server side can then extract the timestamp and validate against its own clock.