diff --git a/templates/drupal-tailscale/default.Dockerfile b/templates/drupal-tailscale/default.Dockerfile
index c5ebcbc..34c96f9 100644
--- a/templates/drupal-tailscale/default.Dockerfile
+++ b/templates/drupal-tailscale/default.Dockerfile
@@ -14,15 +14,24 @@ COPY --from=docker.io/tailscale/tailscale:stable /usr/local/bin/containerboot /u
 COPY ${COPY_FROM}/infrastructure/docker/drupal-tailscale/init-tailscale.sh /docker-entrypoint-init.d/
-USER wodby
 # Set default values for Tailscale environment variables.
 ENV TS_USERSPACE=true
 ENV TS_AUTH_ONCE=true
 ENV TS_STATE_DIR=/tmp/tailscale
 ENV TS_SOCKET=/var/run/tailscale/tailscaled.sock
+ENV TS_EXTRA_ARGS="--ssh"
+
+# Create Tailscale state directory, socket and ensure all files are owned by the default user.
+RUN mkdir -p ${TS_STATE_DIR}/ $(dirname ${TS_SOCKET})/ && \
+ chown -R wodby:wodby ${TS_STATE_DIR}/ $(dirname ${TS_SOCKET})/ && \
+ chmod +x /usr/local/bin/tailscaled /usr/local/bin/tailscale /usr/local/bin/ts-containerboot /docker-entrypoint-init.d/init-tailscale.sh
+
+USER wodby
 # Tailscale state directory should be mounted to persist across restarts.
 VOLUME "/tmp/tailscale"
 # This container is intended to be run as a sidecar to the main Drupal container.
 CMD [ "sleep", "infinity" ]
+
+HEALTHCHECK CMD ["tailscale", "status"]
diff --git a/templates/drupal-tailscale/init-tailscale.sh b/templates/drupal-tailscale/init-tailscale.sh
index c860660..e7e2574 100644
--- a/templates/drupal-tailscale/init-tailscale.sh
+++ b/templates/drupal-tailscale/init-tailscale.sh
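Review bot: `ENV TS_EXTRA_ARGS="--ssh"` turns the Tailscale SSH server on for every container built from this image, so who can open a shell as `wodby` is decided by the tailnet's SSH access rules rather than by anything in this file. A comment above that line would make this explicit, for example `# Enables Tailscale SSH by default; access is governed by the tailnet policy's ssh rules. Overriding TS_EXTRA_ARGS at runtime drops --ssh unless it is repeated.` Separately, the new `RUN` step creates `${TS_STATE_DIR}` with `mkdir -p`, which under the usual umask leaves the directory world-readable. Since that directory holds the node's state, adding `chmod 700 ${TS_STATE_DIR}` to the same `RUN` would be a cheap hardening, assuming no other user in the container needs to read it.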
@@ -4,11 +4,5 @@
 # @see https://hub.docker.com/r/tailscale/tailscale
 # @see https://github.com/tailscale/tailscale/blob/main/cmd/containerboot/main.go
+# We don't want this action to block the boot process, so we run it in the background.
 /usr/local/bin/ts-containerboot &
-
-# Leave some time for tailscaled to start and connect to the Tailscale network.
-sleep 5
-
-# Start the tailscale-powered sshd server.
-tailscale set --ssh
-echo "Tailscale SSH server enabled."
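Review bot: With the `tailscale set --ssh` step and its log line removed, nothing in this script tells a reader that an SSH server is still started, since that now happens through `TS_EXTRA_ARGS` in default.Dockerfile. Extending the new comment would keep that visible, for example `# Tailscale SSH is enabled via TS_EXTRA_ARGS (see default.Dockerfile), not from this script.` Because `ts-containerboot` is launched with `&` and the script does not wait on it, a failed start will not fail the init step. It would presumably surface only through the image's `HEALTHCHECK` and the container output, which is worth stating in the same comment.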