How to Install Docker on Fedora Linux

Docker enables developers and system administrators to package applications with all their dependencies into portable containers that run consistently across different environments. For instance, whether you need to deploy web applications, set up development environments, or run microservices, Docker simplifies the process of building, shipping, and running software on Fedora Linux.

This guide covers two installation methods: the official Docker CE repository maintained by Docker, Inc., and the Moby Engine package available in Fedora’s default repositories. Specifically, by the end, you will have a working Docker installation with Docker Compose, the ability to run containers as a non-root user, and the knowledge to manage Docker services effectively.

Choose Your Docker Installation Method

Fedora offers two paths to running Docker containers; however, each has distinct advantages depending on your use case.

Method	Channel	Version	Updates	Best For
Docker CE (Official)	Docker Repository	Latest stable	Automatic via DNF	Users needing latest Docker features and official support
Moby Engine (Fedora)	Fedora Repos	Distribution default	Automatic via DNF	Users preferring Fedora-maintained packages with simpler setup

For most users, the Docker CE method is recommended specifically because it provides the latest features, security updates directly from Docker, and includes all official plugins. However, if you prefer packages maintained by the Fedora Project and want a simpler installation without adding external repositories, the Moby Engine method works well for general container workflows.

Docker Pre-installation Steps

Remove Previous Docker Installations

Before installing Docker, first remove any older versions to prevent conflicts and ensure a clean installation. Consequently, the following command removes legacy Docker packages that may exist on your system:

sudo dnf remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine

If none of these packages are installed, DNF will report that there is nothing to remove. However, this is expected on fresh installations. Importantly, the contents of /var/lib/docker/, including images, containers, volumes, and networks, remain preserved during this removal process.

Update System Packages

Next, refresh the package cache and apply any pending system updates to ensure your system has the latest security patches and package metadata:

sudo dnf upgrade --refresh

Install Docker CE from Official Repository

This method installs Docker Community Edition directly from Docker’s official repository. Additionally, it provides the latest stable release with all official plugins including Docker Compose and Docker Buildx.

Verify Repository Management Tools

Fedora 43 includes dnf5-plugins by default, which provides the config-manager command for managing repositories. Specifically, verify the plugin is available before proceeding:

dnf config-manager --help | head -5

Usage:
  dnf5 [GLOBAL OPTIONS] config-manager  ...

Description:
  Manage main and repositories configuration...

If the command displays usage information, you are ready to proceed. Otherwise, install the plugins package with sudo dnf install dnf5-plugins.

Add Docker CE Repository

Add the official Docker CE repository to your system. Specifically, the addrepo command downloads and installs the repository configuration file:

sudo dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo

The command displays a download progress indicator as it retrieves the repository file. Subsequently, once complete, the Docker repository is ready for use.

Install Docker CE

Now, with the repository configured, install Docker CE along with its command-line interface and essential plugins:

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Specifically, this command installs the Docker daemon (docker-ce), the command-line client (docker-ce-cli), the container runtime (containerd.io), and two plugins: Docker Buildx for extended build capabilities and Docker Compose for multi-container applications.

Verify Docker CE Installation

Finally, confirm the installation completed successfully by checking the installed versions:

docker --version

Docker version 29.x.x, build xxxxxxx

docker compose version

Docker Compose version v5.x.x

Install Moby Engine from Fedora Repositories

Alternatively, you can install the Moby Engine package from Fedora’s official repositories. Moreover, Moby is the open-source project that Docker CE is built upon, and Fedora maintains its own version that integrates well with the distribution.

Install Moby Engine

To begin, install the Moby Engine along with Docker Compose using a single command:

sudo dnf install moby-engine docker-compose

Essentially, this installation includes the Docker-compatible engine, command-line tools, and Docker Compose for orchestrating multi-container applications.

Verify Moby Engine Installation

Subsequently, after installation, confirm the packages are working correctly:

docker --version

Docker version 29.x.x, build x.fc43

docker-compose --version

Docker Compose version 2.x.x

The Moby Engine uses the docker-compose command (with hyphen). In contrast, Docker CE uses docker compose (as a subcommand). Ultimately, both achieve the same result with slightly different syntax.

Start and Enable Docker Service

Regardless of which installation method you chose, Docker requires its service to be running before you can use it. However, by default, the Docker service is not started automatically after installation.

Enable Docker on Boot

Consequently, to start the Docker service immediately and configure it to start automatically on system boot, run:

sudo systemctl enable docker --now

Conveniently, the --now flag combines the enable and start operations into a single command, saving time during initial setup.

Verify Service Status

Next, confirm that Docker is running correctly by checking the service status:

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
    Drop-In: /usr/lib/systemd/system/service.d
             └─10-timeout-abort.conf
     Active: active (running) since Thu 2025-12-12 02:15:00 UTC; 5s ago
...

Ideally, the output should show Active: active (running), indicating Docker is ready to use.

Test Docker Installation

Now, run the official hello-world container to verify Docker can pull images and run containers successfully:

sudo docker run hello-world

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
e6590344b1a5: Pull complete
Digest: sha256:d715f14f9eca81473d9112df50457893aa4d099adeb4729f679006bf5ea12407
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.
...

If you see the “Hello from Docker!” message, your installation is working correctly.

Manage Docker Service

Docker runs as a systemd service on Fedora, providing standardized commands for service management. Therefore, the following commands help you control the Docker daemon.

For example, start the Docker service manually:

sudo systemctl start docker

Next, stop the Docker service:

sudo systemctl stop docker

Additionally, restart Docker to apply configuration changes:

sudo systemctl restart docker

Furthermore, enable Docker to start automatically on boot:

sudo systemctl enable docker

Finally, disable Docker from starting on boot while keeping it available for manual start:

sudo systemctl disable docker

Configure Docker for Non-Root Users

By default, Docker commands require root privileges. Generally, running Docker as a non-root user improves security and convenience for development workflows. Therefore, this section explains how to configure your system to allow regular users to manage containers.

Adding a user to the docker group grants them root-equivalent permissions for container operations. Only add trusted users to this group.

Add Your User to the Docker Group

To begin, add your current user to the docker group with the following command, replacing your_username with your actual username:

sudo usermod -aG docker your_username

Alternatively, you can create a dedicated Docker user and add them to the group:

sudo useradd -m dockeruser
sudo usermod -aG docker dockeruser

Subsequently, after adding your user to the group, log out and log back in to apply the group membership changes. In some cases, a system reboot may be necessary.

Verify Non-Root Access

Now, after logging back in, confirm that you can run Docker commands without sudo:

docker ps

CONTAINER ID   IMAGE   COMMAND   CREATED   STATUS   PORTS   NAMES

As a result, if this command runs without permission errors, Docker is correctly configured for non-root access.

Configure Docker Logging

Docker CE uses the JSON file logging driver by default, which stores container logs as JSON files on disk. In contrast, Fedora’s Moby Engine defaults to the journald driver for systemd integration. You can configure Docker to use alternative logging drivers or send logs to centralized log management systems.

Create Daemon Configuration

Docker’s daemon settings are stored in /etc/docker/daemon.json. The file does not exist by default, so create it to customize logging behavior:

sudo nano /etc/docker/daemon.json

For instance, add the following configuration to send logs to a remote syslog server:

{
  "log-driver": "syslog",
  "log-opts": {
    "syslog-address": "tcp://logs.example.com:514",
    "syslog-facility": "daemon",
    "tag": "{{.Name}}"
  }
}

Importantly, replace logs.example.com with the address of your actual syslog server. The tag option uses the container name for log identification.

Apply Configuration Changes

Finally, after modifying the daemon configuration, restart Docker to apply the changes:

sudo systemctl restart docker

Verify the logging driver is active by checking Docker’s configuration:

docker info --format '{{.LoggingDriver}}'

syslog

Additionally, any subsequent configuration changes to daemon.json require another restart to take effect.

Configure Firewall for Docker

Fedora uses firewalld as its default firewall. Consequently, when exposing container ports to external networks, you may need to configure firewall rules to allow incoming connections.

Allow Specific Ports

For example, to allow external access to a container port (for example, port 8080 for a web application), add a firewall rule:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Specifically, the --permanent flag ensures the rule persists across reboots. Additionally, the --reload command applies the new rules immediately.

Verify Firewall Rules

Next, list the currently active firewall rules to confirm your configuration:

sudo firewall-cmd --list-all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp
  ...

As shown, the output shows that port 8080/tcp is now open in the firewall. For further details, see our guide on installing and configuring firewalld on Fedora.

Essential Docker Commands

In general, Docker provides a comprehensive command-line interface for managing containers, images, networks, and volumes. For reference, the following table summarizes the most commonly used commands:

Command	Description
docker run	Create and start a container from an image
docker ps	List running containers
docker ps -a	List all containers including stopped ones
docker images	List downloaded images
docker build	Build an image from a Dockerfile
docker stop	Stop a running container
docker rm	Remove a stopped container
docker rmi	Remove an image
docker network	Manage Docker networks
docker volume	Manage Docker volumes

Run Interactive Containers

Specifically, to start a container and access its shell interactively, use the -it flags with docker run:

docker run -it ubuntu:latest /bin/bash

Technically, this command downloads the Ubuntu image (if not already present), starts a container, and opens an interactive bash shell. Additionally, the -i flag keeps stdin open, and -t allocates a pseudo-TTY for the terminal connection.

Run Containers in Background

Alternatively, for long-running services, run containers in detached mode with the -d flag:

docker run -d --name webserver -p 8080:80 nginx

In this case, this command runs an Nginx web server in the background, maps host port 8080 to container port 80, and assigns the name “webserver” for easy reference.

Manage Containers

First, stop a running container by name or ID:

docker stop webserver

Next, remove a stopped container:

docker rm webserver

Finally, view logs from a container:

docker logs webserver

Build Custom Images

For example, build a Docker image from a Dockerfile in the current directory:

docker build -t myapp:latest .

Here, the -t flag tags the image with a name and version. The . specifies the build context directory containing the Dockerfile.

Commit Container Changes

However, if you modify a running container and want to save those changes as a new image, use the docker commit command:

docker run -it --name mycontainer ubuntu:latest /bin/bash

Then, make your changes inside the container, then exit and commit:

docker commit mycontainer myimage:latest

As a result, the new image “myimage” now contains all modifications made in the container.

Troubleshoot Docker Issues

Permission Denied When Running Docker Commands

Typically, if you encounter permission errors when running Docker commands without sudo, you will see this error message:

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.47/containers/json": dial unix /var/run/docker.sock: connect: permission denied

Usually, this indicates your user is not in the docker group or group changes have not been applied yet. Therefore, first verify your current group membership:

groups

username wheel

However, if “docker” is not listed in the output, add your user to the docker group:

sudo usermod -aG docker $USER

Next, log out and log back in to apply the group membership changes. After logging back in, verify the group was added successfully:

groups

username wheel docker

Finally, now test Docker access without sudo:

docker ps

CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Docker Service Failed to Start

Unfortunately, if Docker fails to start after installation or configuration changes, you will see a failed status when checking the service:

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Thu 2024-12-12 10:15:33 EST; 5s ago
...

To investigate, check the service logs for detailed error messages:

sudo journalctl -xeu docker --no-pager | tail -20

Dec 12 10:15:33 fedora dockerd[12345]: failed to start daemon: error reading config file: /etc/docker/daemon.json: invalid character '}' looking for beginning of object key string

Often, the most common cause is syntax errors in /etc/docker/daemon.json. Consequently, validate the JSON configuration:

sudo python3 -m json.tool /etc/docker/daemon.json

Expecting property name enclosed in double quotes: line 5 column 3 (char 89)

Subsequently, fix the syntax error in the file (common issues include trailing commas, missing quotes, or invalid escape sequences), then restart Docker:

sudo systemctl restart docker

Finally, verify Docker started successfully:

sudo systemctl status docker

● docker.service - Docker Application Container Engine
     Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; preset: disabled)
     Active: active (running) since Thu 2024-12-12 10:20:15 EST; 3s ago
...

SELinux Blocking Container Access to Host Directories

Notably, Fedora runs SELinux in enforcing mode by default. Consequently, if containers cannot access bind-mounted host directories, you will see permission errors inside the container:

ls: cannot open directory '/data': Permission denied

To investigate, check for SELinux denials in the audit log:

sudo ausearch -m avc -ts recent

----
time->Thu Dec 12 10:25:30 2024
type=AVC msg=audit(1702394730.123:456): avc:  denied  { read } for  pid=12345 comm="nginx" name="index.html" dev="dm-0" ino=67890 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0

Evidently, the denial shows SELinux blocked container access to files with incorrect context. Therefore, for bind mounts, append the :Z option to let Docker set the correct SELinux context automatically:

docker run -v /home/user/data:/data:Z nginx

Specifically, the :Z flag relabels the content so it is accessible only by the specific container. However, for shared volumes accessed by multiple containers, use :z (lowercase) instead:

docker run -v /shared/data:/data:z nginx

Finally, verify the container can now access the mounted directory:

docker exec container_name ls -la /data

total 12
drwxr-xr-x. 2 root root 4096 Dec 12 10:30 .
drwxr-xr-x. 1 root root 4096 Dec 12 10:30 ..
-rw-r--r--. 1 root root  123 Dec 12 10:30 index.html

Podman Socket Conflicts

As mentioned, Fedora ships with Podman by default. Consequently, if you have both Podman and Docker installed, socket conflicts can occur when both try to use the same socket path:

Error starting daemon: error while opening volume store metadata database: timeout

First, check if Podman’s socket is active:

sudo systemctl status podman.socket

● podman.socket - Podman API Socket
     Loaded: loaded (/usr/lib/systemd/system/podman.socket; enabled; preset: disabled)
     Active: active (listening) since Thu 2024-12-12 09:00:00 EST; 2h ago
...

Next, if you plan to use Docker exclusively, disable and stop the Podman socket:

sudo systemctl disable --now podman.socket
sudo systemctl disable --now podman.service

Then, restart Docker to claim the socket:

sudo systemctl restart docker

Finally, verify Docker is running without conflicts:

docker info | grep -i "server version"

 Server Version: 29.x.x

GPG Key Not Found Errors

Occasionally, when installing Docker CE from the official repository, you may encounter GPG key verification failures:

Error: GPG check FAILED
Public key for docker-ce-29.x.x-1.fc43.x86_64.rpm is not installed

This error indicates that the Docker repository GPG key was not imported during repository setup. Therefore, manually import the Docker GPG key:

sudo rpm --import https://download.docker.com/linux/fedora/gpg

Next, verify the key was imported successfully:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n' | grep -i docker

gpg-pubkey-xxxxxxxx-xxxxxxxx	gpg(Docker Release (CE rpm) )

Finally, retry the Docker installation:

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Docker CE from the official repository includes proper GPG signatures and installs without issues on Fedora 43 in most cases. This troubleshooting step is only needed if the automatic key import failed during repository setup.

Remove Docker

Eventually, if you need to uninstall Docker from your Fedora system, follow the appropriate removal steps based on your installation method.

Remove Docker CE

To do so, stop the Docker service and remove the packages:

sudo systemctl stop docker
sudo dnf remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Next, remove the Docker repository file:

sudo rm /etc/yum.repos.d/docker-ce.repo

Remove Moby Engine

On the other hand, for the Moby Engine installation, stop the service and remove packages:

sudo systemctl stop docker
sudo dnf remove moby-engine docker-compose

Remove Docker Data

Warning: The following commands permanently delete all Docker images, containers, volumes, and custom configurations. Back up any important data before proceeding.

Finally, remove all Docker data directories:

sudo rm -rf /var/lib/docker
sudo rm -rf /var/lib/containerd
sudo rm -rf /etc/docker

Conclusion

In conclusion, you now have Docker installed and configured on Fedora, with the ability to run containers, build images, and manage services. Furthermore, the installation includes Docker Compose for multi-container applications and configuration for non-root user access. Additionally, consider exploring Git on Fedora for version control of your Dockerfiles, or set up SSH on Fedora for remote container management.