This is not a glibc or Rocky Linux issue. The difference you’re seeing is due to rustls vs OpenSSL.

The glibc build uses rustls, which does not trust system or Docker CA stores by default, so self-signed / private CAs will fail TLS verification (Postgres and RustFS S3 in your case).The musl build works because it relies on OpenSSL, which automatically uses the OS CA bundle.

To fix this, you’ll need to explicitly provide your custom CA to the application (for rustls), or use a build that relies on native TLS (OpenSSL). Simply adding the CA to the Docker image is not sufficient for rustls.

So i got it to work without parsing my CA, with docker container:

1. i tried ZO_HTTP_TLS_ROOT_CERTIFICATES=native env, did nothing
2. tried ZO_S3_ALLOW_INVALID_CERTIFICATES=true and it worked, not sure what the implications will be

in-regards to using the binary, i get glib errors.

/usr/local/bin/openobserve: /lib64/libm.so.6: version `GLIBC_2.35' not found (required by /usr/local/bin/openobserve)
/usr/local/bin/openobserve: /lib64/libc.so.6: version `GLIBC_2.38' not found (required by /usr/local/bin/openobserve)
usr/local/bin/openobserve: /lib64/libc.so.6: version `GLIBC_2.39' not found (required by /usr/local/bin/openobserve

Rocky Linux uses version 2.34 in Rocky linux 9