You will need:
* a server host running Debian 10 (buster) or Debian 11 (bullseye).
* a unique 5-character ID like @x9999@ for your cluster (first character should be @[a-w]@ for a long-lived / production cluster; all characters are @[a-z0-9]@).
-* a DNS name like @x9999.example.com@ that resolves to your server host (or a load balancer / proxy that passes HTTP and HTTPS requests through to your server host).
+* a DNS name like @x9999.example.com@ that resolves to your server host (or a load balancer / proxy that passes HTTP requests on port 80[1] and HTTPS requests on ports 443 and 4440-4460 through to the same port on your server host).
+* a firewall setup that allows incoming connections to ports 80[1], 443, and 4440-4460.
+
+fn1. Port 80 is only used to obtain TLS certificates automatically from Let's Encrypt. It is not needed if you have another way to provision certificates.
h2. Options
h2. Initialize the cluster
<pre>
-# echo > /etc/apt/sources.list.d/arvados.list "deb http://apt.arvados.org/buster buster main"
+# echo > /etc/apt/sources.list.d/arvados.list "deb http://apt.arvados.org/$(lsb_release -sc) $(lsb_release -sc) main"
# apt update
# apt install arvados-server-easy
-# arvados-server init -cluster-id x9999 -domain x9999.example.com -tls auto -login pam
+# arvados-server init -cluster-id x9999 -domain x9999.example.com -tls acme -login pam
</pre>
When the "init" command is finished, navigate to the link shown in the terminal (e.g., @https://x9999.example.com/@) and log in with the account you created above.
-Activate your new Arvados user account.
+Activate your new Arvados user account. Copy the UUID (looks like @x9999-tpzed-xxxxxxxxxxxxxxx@) from your browser's location bar and run:
<pre>
-# arv root user setup exampleUserName
+# arv sudo user setup --uuid x9999-tpzed-xxxxxxxxxxxxxxx
</pre>
Run the diagnostics tool to ensure everything is working.
<pre>
-# arv root diagnostics
+# arv sudo diagnostics
</pre>
h2. Customize the cluster
Things you should plan to update before using your cluster in production:
* "Set up Google login":{{site.baseurl}}/install/setup-login.html or another authentication option.
-* Set up a wildcard TLS certificate and DNS name, or enable @TrustAllContent@ mode.
-* Update storage configuration to use a cloud storage bucket instead of the local filesystem.
-* Update CloudVMs configuration to use a cloud provider to bring up VMs on demand instead of running containers on the server host.
+* "Set up a wildcard TLS certificate and DNS name,":{{site.baseurl}}/install/install-manual-prerequisites.html#dnstls or enable @TrustAllContent@ mode.
+* Update storage configuration to use a cloud storage bucket ("S3":{{site.baseurl}}/install/configure-s3-object-storage.html or "Azure":{{site.baseurl}}/install/configure-azure-blob-storage.html) instead of the local filesystem.
+* Update "CloudVMs configuration":{{site.baseurl}}/install/crunch2-cloud/install-dispatch-cloud.html to use a cloud provider to bring up VMs on demand instead of running containers on the server host.
h2. Updating configuration