Linuxpad

Got Linux?

Setting Up Docker on Arch Linux: The Secure, Clean Way

I am an advocate for open-source software and self-hosting, and Docker is the cornerstone of my home lab infrastructure. It isolates environments, keeps the host OS pristine, and makes deploying services incredibly efficient.

While Arch Linux is an incredible rolling-release distribution, setting up Docker requires a few deliberate steps to ensure it runs smoothly and securely. In this guide, we will walk through installing Docker, configuring it for non-root usage, and applying a few essential security tweaks.

Prerequisites:

Before we begin, ensure your Arch Linux system is fully up to date. Open your terminal and run:

sudo pacman -Syu

Step 1: Install Docker

Docker is available directly in the official Arch extra repository, so we don't need to touch the AUR for the core installation.

Install the docker package by running:

sudo pacman -S docker

Step 2: Start and Enable the Docker Daemon

Arch Linux uses systemd, controlled through systemctl, to manage services. By default, newly installed packages are neither started nor enabled on boot.

To start the Docker service immediately:

sudo systemctl start docker.service

To ensure Docker starts automatically every time you boot your machine:

sudo systemctl enable docker.service

You can verify that Docker is running successfully with:

sudo systemctl status docker.service

By default, the Docker daemon binds to a Unix socket which is owned by the root user. This means you have to prefix every docker command with sudo.

To fix this—and avoid typing sudo constantly—we can create a docker Unix group and add your user to it.

⚠️ A Note from a Security Perspective: Adding a user to the docker group grants privileges equivalent to the root user. If an attacker gains access to your user account, they can easily escalate to root via Docker. For a personal workstation or home lab, this convenience is standard practice, but always be aware of the attack surface.

  1. Confirm the docker group exists (it usually gets created automatically during installation) and add your user to it:
sudo usermod -aG docker $USER
  2. Log out and log back in for the group changes to take effect, or run this command to evaluate the new group membership immediately in the current shell:
newgrp docker
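
One way to audit the exposure described in the security note, as an added example that is not part of the original post: because docker group membership is root-equivalent, list every account that holds it, including accounts whose primary group is docker and so never appear in the group entry's member list. The function names, the sample accounts and GID 968 are constructed for illustration.

```sh
#!/bin/sh
# Added example: list accounts that are root-equivalent through the docker group.

# docker_group_users GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Inputs use group(5) and passwd(5) format. Prints, sorted and de-duplicated,
# every user that holds GROUP_NAME as a supplementary group (member list in
# the group entry) or as primary group (GID field of the passwd entry).
docker_group_users() {
    awk -F: -v name="${3:-docker}" '
        FNR == NR {                      # first file: group database
            if ($1 == name) {
                gid = $3
                n = split($4, members, ",")
                for (i = 1; i <= n; i++)
                    if (members[i] != "") print members[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: primary GID match
    ' "$1" "$2" | sort -u
}

# Constructed sample databases (not from a real system). "builder" has the
# docker GID as its primary group, so the group entry does not list it.
audit_sample() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/group" <<'EOF'
root:x:0:
wheel:x:998:alice
docker:x:968:alice,ci-runner
EOF
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0::/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
builder:x:1002:968::/home/builder:/bin/bash
ci-runner:x:1003:1003::/home/ci-runner:/usr/bin/nologin
EOF
    docker_group_users "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

audit_sample   # prints: alice, builder, ci-runner (one per line)
```

On a live host, save the output of `getent group` and `getent passwd` to two files and pass those to `docker_group_users`; every name it prints should be an account you are comfortable treating as root.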


docker run hello-world

Step 5: Security Hardening & Best Practices

As a cybersecurity analyst, I can't let you leave without a couple of quick tweaks to make your setup more secure and resilient.

Limit Log Sizes (Prevent Disk Exhaustion)

By default, Docker stores container logs indefinitely. A misconfigured container spitting out endless errors can easily fill up your host storage.

Create or edit the Docker daemon configuration file at /etc/docker/daemon.json:

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}

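This caps container logs at 10MB per file and keeps a maximum of 3 files per container. The limits apply only to containers created after the daemon picks up the new configuration; existing containers keep their previous logging settings until they are recreated.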

After saving the file, restart the daemon to apply changes:

sudo systemctl restart docker.service

Wrapping Up

You now have a fully functioning, optimized Docker environment running on your Arch Linux system. Whether you are looking to spin up a Nextcloud instance, a Pi-hole, or prepare your local environment for Kubernetes testing, you have the foundation ready.

What are you planning to host first? Let me know in the comments below!