How to Install Docker Engine on RHEL 9

November 17, 2025
Linux
Comment off

Docker Engine is the industry-standard container platform that packages applications and their dependencies into portable, isolated containers. A Docker container bundles the application code, runtime, libraries, and configuration into a single image that runs identically on any Linux host with Docker installed, eliminating the “it works on my machine” problem. RHEL 9 does not include Docker in its official repositories (Red Hat promotes Podman instead), but Docker Engine can be installed from Docker’s official repository. Docker provides a familiar workflow for developers coming from other Linux distributions and is required by many CI/CD tools and third-party applications. This guide covers installing Docker Engine on RHEL 9 from the Docker CE repository, configuring the daemon, adding a non-root user, and running your first container.

Prerequisites

RHEL 9 with sudo/root access

Step 1 — Install Docker Engine from Docker’s Repository

# Add Docker's official repository
dnf install -y yum-utils
yum-config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo

# Install Docker Engine
dnf install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

systemctl enable --now docker
docker --version

Step 2 — Configure the Docker Daemon

# /etc/docker/daemon.json — production daemon configuration
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "10m",
        "max-file": "3"
    },
    "live-restore": true,
    "storage-driver": "overlay2",
    "data-root": "/var/lib/docker",
    "default-ulimits": {
        "nofile": {
            "Name": "nofile",
            "Hard": 65536,
            "Soft": 65536
        }
    }
}

systemctl restart docker

Step 3 — Add a Non-Root User to the Docker Group

# IMPORTANT: Adding a user to the docker group grants root-equivalent privileges
# Only add trusted users to this group
usermod -aG docker $USER

# The user must log out and back in for the group change to take effect
# Verify (as the added user)
docker run hello-world

Step 4 — Configure SELinux for Docker

# Docker on RHEL 9 requires SELinux permissive mode or proper labels
# Option 1: Enable SELinux labelling in Docker (recommended)
# In /etc/docker/daemon.json add:
# "selinux-enabled": true

# Option 2: Set SELinux to permissive (less secure — not recommended for production)
# setenforce 0  # Temporary
# sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config  # Permanent

Step 5 — Basic Docker Operations

# Pull and run a container
docker pull nginx:alpine
docker run -d --name webserver -p 8080:80 nginx:alpine
docker ps
curl http://localhost:8080

# Stop and remove
docker stop webserver
docker rm webserver

# List images
docker images

# Remove unused resources
docker system prune -f

Step 6 — Open Firewall for Docker Containers

# Docker manages its own iptables rules for container networking
# The firewalld docker zone handles Docker traffic automatically
# Verify Docker's iptables integration
iptables -t nat -L DOCKER

Conclusion

Docker Engine on RHEL 9 provides a familiar containerisation platform for teams already using Docker in other environments. The live-restore daemon option is critical for production — it keeps containers running during Docker daemon restarts (for daemon updates), preventing container downtime during routine maintenance. For security-conscious deployments, consider using Podman as a rootless Docker alternative that doesn’t require a daemon running as root and integrates natively with RHEL’s SELinux policies.

Next steps: How to Install Docker Compose on RHEL 9, How to Install Podman on RHEL 9, and How to Build Docker Images on RHEL 9.