Node key expired 1 day ago after a reboot for the docker host #178

kubistika opened this issue Jan 24, 2025 · 4 comments

kubistika commented Jan 24, 2025

Describe the bug
After a restart of the docker host, all tailscale nodes that are managed by TSDProxy are disconnected from the tailnet and in the tailscale admin panel, it says "Node key expired 1 day ago" (even though the key expiry was set to 6 months from now). I also tried to disable key expiry but the same thing occurred.

Expected behavior
A reboot will not cause the container to not be able to connect to my tailnet again (?)

Send config
The default configuration + a TS auth key generated with "Reusable" set to true:

defaultProxyProvider: default
docker:
  local: # name of the docker target provider
    host: unix:///var/run/docker.sock # host of the docker socket or daemon
    targetHostname: 172.31.0.1 # hostname or IP of docker server
    defaultProxyProvider: default # name of which proxy provider to use
files: {}
tailscale:
  providers:
    default: # name of the provider
      authKey: "MYAUTHKEYHERE" # optional, define authkey here
      # authKeyFile: "" # optional, use this to load authkey from file. If this is defined, Authkey is ignored
      controlUrl: https://controlplane.tailscale.com # use this to override the default control URL
  dataDir: /data/
http:
  hostname: 0.0.0.0
  port: 8080
log:
  level: info # set logging level info, error or trace
  json: false # set to true to enable json logging
proxyAccessLog: true # set to true to enable container access log

Logs

Initializing server
Version 1.4.3
5:09PM INF Log Settings Log level=info
5:09PM INF Starting server Version=1.4.3
5:09PM INF Setting up proxy proxies
5:09PM INF Initializing WebServer
5:09PM INF Health check set to ready
loading configuration from: /config/tsdproxy.yaml
Validating configuration...
Setting up logger
5:09PM INF Default Network found defaultIPAdress=172.17.0.1 docker=local module=proxymanager
5:09PM INF Container b156160a7a3090e1905588ecf904872de758251f218be5e801149cd46b87c2c6 started docker=local module=proxymanager
5:09PM INF Container 49ded40637fcec2e0a3c260592acc069570b1ca7575d9bbf4d25ac072dec86dd started docker=local module=proxymanager
5:09PM INF Container 3da892dac0ab0ec996e2787ff16f20afe71c3c3091e1bdf3d9f208881e3bce2a started docker=local module=proxymanager
5:09PM INF Trying to auto detect target URL container=/sonarr docker=local module=proxymanager try=0
5:09PM INF Trying to auto detect target URL container=/paperless-ngx_webserver_1 docker=local module=proxymanager try=0
5:09PM INF Trying to auto detect target URL container=/plex docker=local module=proxymanager try=0
5:09PM INF Successfully connected using defaultBridgeAddress and internal port address=172.17.0.1 container=/plex docker=local module=proxymanager port=32400
5:09PM INF setting up proxy hostname=plex module=proxymanager proxyname=plex
5:09PM INF starting proxy module=proxymanager name=plex proxyname=plex
5:09PM INF tsnet running state path /data/default/plex/tailscaled.state Hostname=plex module=proxymanager tailscale=default
5:09PM INF tsnet starting with hostname "plex", varRoot "/data/default/plex" Hostname=plex module=proxymanager tailscale=default
5:09PM INF LocalBackend state is NeedsLogin; running StartLoginInteractive... Hostname=plex module=proxymanager tailscale=default
5:09PM INF Successfully connected using docker network gateway and exposed port address=172.19.0.1 container=/sonarr docker=local module=proxymanager port=8989
5:09PM INF Successfully connected using docker network gateway and exposed port address=172.23.0.1 container=/paperless-ngx_webserver_1 docker=local module=proxymanager port=8000
5:09PM INF setting up proxy hostname=paperless-ngx module=proxymanager proxyname=paperless-ngx
5:09PM INF setting up proxy hostname=sonarr module=proxymanager proxyname=sonarr
5:09PM INF starting proxy module=proxymanager name=paperless-ngx proxyname=paperless-ngx
5:09PM INF starting proxy module=proxymanager name=sonarr proxyname=sonarr
5:09PM INF tsnet running state path /data/default/paperless-ngx/tailscaled.state Hostname=paperless-ngx module=proxymanager tailscale=default
5:09PM INF tsnet running state path /data/default/sonarr/tailscaled.state Hostname=sonarr module=proxymanager tailscale=default
5:09PM INF tsnet starting with hostname "sonarr", varRoot "/data/default/sonarr" Hostname=sonarr module=proxymanager tailscale=default
5:09PM INF tsnet starting with hostname "paperless-ngx", varRoot "/data/default/paperless-ngx" Hostname=paperless-ngx module=proxymanager tailscale=default
5:09PM INF LocalBackend state is NeedsLogin; running StartLoginInteractive... Hostname=paperless-ngx module=proxymanager tailscale=default
5:09PM INF LocalBackend state is NeedsLogin; running StartLoginInteractive... Hostname=sonarr module=proxymanager tailscale=default

Additional context
A screenshot from tailscale admin panel:

Image

@almeidapaulopt almeidapaulopt added the invalid This doesn't seem right label Jan 24, 2025
@almeidapaulopt
Owner

almeidapaulopt commented Jan 24, 2025

That's just tailscale authkey expired. Just make a new one with 90 days.

To avoid this you can use OAUTH https://almeidapaulopt.github.io/tsdproxy/docs/advanced/tailscale/#oauth

@kubistika
Author

As I mentioned, I created a key for 90 days. After a reboot, tailscale says key expired (every time docker is restarted).

@almeidapaulopt almeidapaulopt removed the invalid This doesn't seem right label Jan 24, 2025
@almeidapaulopt
Owner

Very strange...

Can you post your docker compose?
What status do you have in the dashboard?

@kubistika
Author

kubistika commented Jan 25, 2025

Yes, I will add my docker compose.

services:
  tsdproxy:
    image: almeidapaulopt/tsdproxy:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - datadir:/data
      - ./config:/config
    restart: unless-stopped
    ports:
      - 10999:8080

volumes:
  datadir:

And the status is "Starting".
For now, I moved to use OAuth as you suggested and it fixed my problem - but the bug does exist when using a fresh new API key (I did the very same thing that the tailscale dude did in his video on their official YouTube channel - except that I DID NOT mark the key with ephemeral=true to make sure that the nodes can survive a restart, but that did not help)
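
One way to triage a startup log like the one posted in this issue, as an added example that is not part of the thread or of TSDProxy's own code: it groups the tsnet lines by their `Hostname=` field and lists the proxies whose backend reported `NeedsLogin`, together with the state file each one was started from. The function names are hypothetical and the sample is a constructed subset of the log lines quoted above.

```python
import re

# Constructed sample: a subset of the log lines quoted in the issue.
SAMPLE_LOG = """\
5:09PM INF tsnet running state path /data/default/plex/tailscaled.state Hostname=plex module=proxymanager tailscale=default
5:09PM INF tsnet starting with hostname "plex", varRoot "/data/default/plex" Hostname=plex module=proxymanager tailscale=default
5:09PM INF LocalBackend state is NeedsLogin; running StartLoginInteractive... Hostname=plex module=proxymanager tailscale=default
5:09PM INF Successfully connected using docker network gateway and exposed port address=172.19.0.1 container=/sonarr docker=local module=proxymanager port=8989
5:09PM INF tsnet running state path /data/default/sonarr/tailscaled.state Hostname=sonarr module=proxymanager tailscale=default
"""

FIELD = re.compile(r"(\w+)=(\S+)")                         # trailing key=value pairs
STATE_FILE = re.compile(r"tsnet running state path (\S+)")
BACKEND = re.compile(r"LocalBackend state is (\w+);")


def triage(log_text):
    """Return {hostname: {provider, state_file, backend_state}} from log text."""
    nodes = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        host = fields.get("Hostname")
        if host is None:
            continue  # container-level lines carry no Hostname= field
        node = nodes.setdefault(host, {
            "provider": fields.get("tailscale"),
            "state_file": None,
            "backend_state": None,
        })
        match = STATE_FILE.search(line)
        if match:
            node["state_file"] = match.group(1)
        match = BACKEND.search(line)
        if match:
            node["backend_state"] = match.group(1)
    return nodes


def needs_login(nodes):
    """Hostnames whose tsnet backend reported NeedsLogin at startup."""
    return sorted(h for h, n in nodes.items() if n["backend_state"] == "NeedsLogin")


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for host in needs_login(report):
        print(host, report[host]["state_file"])
```
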
