Fedora

How to Install Docker on Fedora 44

Install Docker on Fedora 44 with Docker CE or Moby Engine. Configure non-root access, Docker Compose, firewalld rules, and manage containers.

Last updatedAuthorJoshua JamesRead time8 minGuide typeFedora
Docker whale logo with containers connected to Fedora logo on blue background

Fedora’s default container workflow centers on Podman, but many Compose stacks, CI runners, vendor scripts, and team runbooks still expect the Docker daemon and Docker CLI. To install Docker on Fedora, choose Docker CE from Docker’s official RPM repository for Docker’s current package set, or use Fedora’s Moby Engine packages for a distro-maintained Docker-compatible runtime.

The same DNF5 workflow covers Docker Engine, Docker Compose, service startup, non-root access, firewalld checks, SELinux bind mounts, updates, and removal. Docker Desktop is a separate VM-backed desktop app, so it is treated as a boundary rather than a server or CLI Engine method.

Install Docker on Fedora

Pick one Engine path before installing. Docker CE and Moby Engine both provide the docker command and docker.service, so installing both on the same host creates unnecessary package conflicts.

Choose a Docker Method for Fedora

MethodSource or ChannelCompose SupportUpdate BehaviorBest For
Docker CEDocker stable RPM repositorydocker compose plugin plus Buildx pluginDNF updates from Docker’s repositoryMost users who want Docker’s upstream package names and documentation alignment
Moby EngineFedora repositoriesdocker compose and docker-compose through Fedora packagesDNF updates from Fedora repositoriesUsers who prefer Fedora-maintained packages and no third-party repository

dnf install docker is not the Fedora Engine install command. Fedora does not ship a package named docker; use moby-engine for the Fedora-packaged runtime, or use Docker’s docker-ce package set from the Docker repository.

Docker Desktop for Fedora is a separate RPM for graphical desktop workflows, but its Fedora support list can lag Docker Engine support after a new Fedora release. It runs a VM-backed Engine with its own Docker context and storage, so use Docker Desktop only when Docker’s Desktop page lists your Fedora release and you need the GUI, Desktop extensions, or bundled Kubernetes features.

Docker’s Fedora Engine page also documents direct Engine RPM downloads and a convenience script, but those are not the normal Fedora path here. Direct RPM files require manual upgrades, and the convenience script is better suited to disposable development environments than long-lived Fedora hosts.

Prepare Fedora for Docker

Refresh Fedora before adding repositories or installing container packages:

sudo dnf upgrade --refresh

These commands use sudo for package, service, and system configuration changes. If your account cannot use sudo, add it to Fedora’s wheel-based sudo setup before continuing with how to add a user to sudoers on Fedora.

Docker’s official instructions remove older package names that can conflict with Docker CE. DNF reports nothing to do when none of these packages exist, and this step does not delete images, containers, volumes, or networks under /var/lib/docker/.

sudo dnf remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-selinux \
                  docker-engine-selinux \
                  docker-engine

Fedora’s DNF5 repository-management command may be missing on minimal or newly installed systems. Install the current provider before using dnf config-manager:

sudo dnf install 'dnf5-command(config-manager)'

Confirm that the DNF5 addrepo subcommand is available:

dnf config-manager addrepo --help
Usage:
  dnf5 [GLOBAL OPTIONS] config-manager addrepo [OPTIONS]

Install Docker CE from Docker’s Repository

Use this method when you want Docker’s stable RPM repository, official docker-ce package names, the Compose plugin, and the Buildx plugin.

Add Docker’s Fedora repository file:

sudo dnf config-manager addrepo --from-repofile=https://download.docker.com/linux/fedora/docker-ce.repo

Import Docker’s RPM signing key before the first package transaction. Docker’s Fedora install page lists the key fingerprint as 060A 61C5 1B55 8A7F 742B 77AA C52F EB6B 621E 9F35.

sudo rpm --import https://download.docker.com/linux/fedora/gpg

Check that the imported RPM key uses the expected fingerprint:

rpm -q gpg-pubkey --qf '%{VERSION}-%{RELEASE}\n' | grep -Ei '^060a61c51b558a7f742b77aac52feb6b621e9f35-'
060a61c51b558a7f742b77aac52feb6b621e9f35-58ade481

Install Docker CE, the CLI, containerd, Buildx, and the Compose plugin:

sudo dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

With Fedora’s default DNF settings, this transaction also installs docker-ce-rootless-extras and libcgroup as supporting packages. DNF removes them later as unused dependencies when the core Docker CE packages are removed.

Verify the installed Engine and Compose plugin. Version numbers change as Docker publishes stable updates.

docker --version
docker compose version
Docker version 29.5.0, build 98f1464
Docker Compose version v5.1.3

Install Moby Engine from Fedora Repositories

Use this method when you want Fedora-maintained packages and do not need Docker’s external RPM repository.

sudo dnf install moby-engine docker-compose

Fedora’s transaction pulls in the Docker-compatible CLI, container runtime, Compose package, Buildx package, and supporting runtime tools when weak dependencies are enabled.

Verify the Fedora-packaged Engine and Compose commands. Version numbers change as Fedora publishes package updates.

docker --version
docker compose version
docker-compose --version
Docker version 29.4.2, build 1.fc44
Docker Compose version 5.1.2
Docker Compose version 5.1.2

Fedora’s docker-compose-switch package makes the legacy docker-compose command route to the current Compose implementation. Docker CE installs Compose as the docker compose plugin and does not need the legacy command for new projects.

Start and Verify Docker on Fedora

Docker packages install the service unit but do not start the daemon by default. Enable Docker at boot and start it immediately:

sudo systemctl enable --now docker

Check that the service is enabled and active:

systemctl is-enabled docker
systemctl is-active docker
enabled
active

Run Docker’s hello-world image to confirm that the daemon can pull an image and start a container:

sudo docker run --rm hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.

Run Docker Without sudo on Fedora

The Docker daemon listens on a Unix socket owned by root and the docker group. Docker creates the group during package installation, but it does not add your account automatically.

Membership in the docker group grants root-equivalent control over containers and the host paths they mount. Add only trusted local users, especially on shared workstations or servers.

Add your current account to the docker group. The -aG options append the group without replacing your existing supplementary groups.

sudo usermod -aG docker "$USER"

Log out and back in so the new group membership applies to your shell. A new terminal tab is not always enough because group membership is set when the login session starts.

Confirm your session includes the docker group and that the Docker socket is accessible without sudo:

id -nG "$USER" | tr ' ' '\n' | grep -x docker
docker ps
docker
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES

Manage Docker on Fedora

Use systemd for the Docker daemon and normal Docker subcommands for containers, images, networks, and volumes.

TaskCommandWhat It Does
Start Dockersudo systemctl start dockerStarts the daemon for the current boot.
Stop Dockersudo systemctl stop dockerStops the daemon and running containers.
Restart Dockersudo systemctl restart dockerReloads the daemon after service or daemon configuration changes.
Enable at bootsudo systemctl enable dockerStarts Docker automatically on future boots.
Disable at bootsudo systemctl disable dockerPrevents automatic startup while keeping the package installed.
List containersdocker ps -aShows running and stopped containers.
List imagesdocker imagesShows locally downloaded or built images.
Show logsdocker logs CONTAINERPrints logs for a named container or container ID.

Run a Background Container

This example starts Nginx in the background and maps host port 8080 to container port 80:

docker run -d --name webserver -p 8080:80 nginx

Stop and remove the example container when you no longer need it:

docker stop webserver
docker rm webserver

Build an Image with Buildx

Build an image from a Dockerfile in the current directory and tag it as myapp:latest:

docker buildx build -t myapp:latest .

The -t option assigns the image tag, while . uses the current directory as the build context.

Configure Docker Logs on Fedora

Docker’s default logging driver is json-file. For general-purpose hosts, Docker’s logging documentation recommends the local driver because it rotates logs by default and uses a more efficient local format.

Create /etc/docker/daemon.json with the local logging driver:

sudo mkdir -p /etc/docker
printf '%s\n' \
  '{' \
  '  "log-driver": "local"' \
  '}' | sudo tee /etc/docker/daemon.json > /dev/null

Validate the JSON before restarting Docker:

sudo python3 -m json.tool /etc/docker/daemon.json
{
    "log-driver": "local"
}

Restart Docker and confirm the daemon picked up the new default driver:

sudo systemctl restart docker
sudo docker info --format '{{.LoggingDriver}}'
local

Logging-driver changes apply to containers created after the daemon restart. Recreate older containers if they need the new logging driver.

Open Docker Container Ports with Firewalld

Docker creates its own bridge-network firewall rules and, when firewalld is active, a docker zone for Docker bridge interfaces. If another machine cannot reach a published host port such as 8080, check both Docker’s published-port mapping and the active firewalld zone for the host interface.

Check the active firewalld zone before adding a rule:

firewall-cmd --get-active-zones
FedoraWorkstation (default)
  interfaces: ens160

Fedora Workstation commonly allows a broad high-port range in the FedoraWorkstation zone, while Fedora Server and stricter custom zones may not. This example checks FedoraWorkstation; replace it with your active zone if different:

firewall-cmd --zone=FedoraWorkstation --list-ports
1025-65535/tcp 1025-65535/udp

If your active zone does not already allow the host port, add a permanent rule to that zone. Replace public with the zone shown on your system.

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
firewall-cmd --zone=public --query-port=8080/tcp
yes

Remove the rule later if the published container service is no longer needed:

sudo firewall-cmd --permanent --zone=public --remove-port=8080/tcp
sudo firewall-cmd --reload

For broader firewall setup, service rules, and GUI tools, use the Fedora-specific Firewalld on Fedora guide.

Update or Remove Docker on Fedora

Update Docker Packages

Docker CE updates through DNF while the Docker repository remains enabled. Moby Engine updates through Fedora’s normal repositories.

sudo dnf upgrade --refresh

Restart Docker after an Engine update when containers need the new daemon immediately:

sudo systemctl restart docker

Remove Docker CE

Stop Docker and remove the official Docker CE packages:

sudo systemctl stop docker
sudo dnf remove docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Remove Docker’s repository file and refresh DNF metadata so Docker CE no longer appears as an enabled source:

sudo rm -f /etc/yum.repos.d/docker-ce.repo
sudo dnf clean metadata
dnf repo list --enabled | grep -Ei '^docker-ce' || echo "Docker CE repository is not enabled"
Docker CE repository is not enabled

The imported Docker RPM key can remain harmlessly in the RPM database. Remove it only during a full trust cleanup and only after confirming no Docker repository or package still needs it.

Remove Moby Engine

Stop Docker and remove the Fedora-packaged Engine and Compose packages:

sudo systemctl stop docker
sudo dnf remove moby-engine docker-compose

DNF may remove unused dependencies during that transaction, but runtime packages can remain if another package still needs them or DNF considers them separately installed. Check the Moby package surface before treating the runtime as fully removed:

rpm -q moby-engine docker-compose docker-cli docker-buildx docker-compose-switch containerd runc

If companion packages remain and no other container workflow uses them, remove only the installed names after reviewing DNF’s transaction:

packages=(docker-cli docker-buildx docker-compose-switch containerd runc)
installed=()

for package in "${packages[@]}"; do
  if rpm -q "$package" > /dev/null 2>&1; then
    installed+=("$package")
  fi
done

if ((${#installed[@]})); then
  sudo dnf remove "${installed[@]}"
else
  echo "No Moby companion packages are installed"
fi

Delete Docker Data

Deleting Docker data permanently removes local images, containers, volumes, networks, and daemon configuration. Back up named volumes, bind-mounted application data, and any important Compose project state before using these cleanup commands.

List Docker and containerd paths that still exist:

for path in /var/lib/docker /var/lib/containerd /etc/docker; do
  sudo test -e "$path" && echo "$path"
done

Remove Docker’s daemon state and configuration only when you are sure those paths are no longer needed:

sudo rm -rf /var/lib/docker /etc/docker

Leave /var/lib/containerd in place when either containerd or containerd.io is still installed. Remove it only after confirming no remaining runtime needs that state:

if rpm -q containerd > /dev/null 2>&1 || rpm -q containerd.io > /dev/null 2>&1; then
  echo "containerd is still installed; leaving /var/lib/containerd"
else
  sudo rm -rf /var/lib/containerd
fi

Troubleshoot Docker on Fedora

DNF Cannot Find a docker Package

Fedora does not provide an Engine package named docker, so a direct package lookup returns no match:

dnf info docker
No matching packages to list

Install moby-engine for Fedora’s Engine package, or install the docker-ce package set after adding Docker’s repository. The docker-cli package is only the client and does not install a running daemon by itself.

Permission Denied on docker.sock

This error means the current shell cannot access the Docker socket:

permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

Check whether your active session includes the docker group:

id -nG "$USER" | tr ' ' '\n' | grep -x docker || echo "docker group is missing from this session"
docker group is missing from this session

Add the user to the group if needed, then log out and back in before testing again:

sudo usermod -aG docker "$USER"

Docker Fails After Editing daemon.json

A malformed /etc/docker/daemon.json file prevents the daemon from starting. Check the service state and recent logs:

sudo systemctl status docker
sudo journalctl -u docker --no-pager -n 30

Validate the JSON file before restarting Docker:

sudo python3 -m json.tool /etc/docker/daemon.json

Fix any reported syntax issue, then restart the daemon:

sudo systemctl restart docker
systemctl is-active docker
active

SELinux Blocks a Bind Mount

Fedora runs SELinux in enforcing mode by default. If a container cannot read a bind-mounted host directory even though Unix ownership looks correct, check for recent AVC denials:

sudo ausearch -m avc -ts recent

For Docker bind mounts, Docker’s bind mount documentation defines :Z as a private SELinux label for one container and :z as a shared label for multiple containers.

docker run --rm -v "$HOME/docker-data:/data:Z" fedora:latest ls -l /data

Use SELinux relabel options only on application data paths that belong to the container. Do not apply :Z to broad system paths such as /home or /usr, because relabeling those paths can break normal host access.

docker Command Starts the Podman Shim

Fedora can install podman-docker, a compatibility shim that makes the docker command call Podman. That shim is useful for Podman workflows, but remove it before using Docker Engine if it owns your docker command.

rpm -q podman-docker
rpm -qf "$(command -v docker)"

If the owner is podman-docker, remove the shim and reinstall the Docker method you chose:

sudo dnf remove podman-docker

Docker CE GPG Check Fails

A stale or missing Docker RPM key can stop the official repository install with a GPG check failure. Reimport Docker’s current Fedora key and verify the fingerprint before retrying the package installation:

sudo rpm --import https://download.docker.com/linux/fedora/gpg
rpm -q gpg-pubkey --qf '%{VERSION}-%{RELEASE}\n' | grep -Ei '^060a61c51b558a7f742b77aac52feb6b621e9f35-'

Conclusion

Docker is running on Fedora with Compose available, service management in systemd, and a clear split between Docker’s upstream packages and Fedora’s Moby Engine path. For development work, install Git on Fedora pairs naturally with Dockerfiles and Compose projects. For remote administration, enable SSH on Fedora instead of exposing the Docker API directly.

Share this guide

Help another Linux user troubleshoot faster

Share this guide with someone troubleshooting Linux systems or saving it for later.

BlueskyRedditXTumblrFacebookLinkedIn
Follow LinuxCapable

Want more LinuxCapable guides in Google?

Add LinuxCapable as a preferred source so Google can show our tutorials more often in Top Stories and mark them as preferred in AI Mode and AI Overviews when relevant.

Add LinuxCapable as a preferred source on Google
Search LinuxCapable

Need another guide?

Search LinuxCapable for package installs, commands, troubleshooting, and follow-up guides related to what you just read.

Found this guide useful?

Support LinuxCapable to keep tutorials free and up to date.

Buy me a coffeeBuy me a coffee
Before commenting, please review our Comments Policy.
Formatting tips for your comment

You can use basic HTML to format your comment. Useful tags currently allowed in published comments:

You type Result
<code>command</code> command
<strong>bold</strong> bold
<em>italic</em> italic
<a href="https://example.com">link</a> link
<blockquote>quote</blockquote> quote block

Add to the discussion

Questions, fixes, command output, and version notes help keep this guide current.

Verify before posting: