Stay Safe without upgrading to V4 (part Uninstall)


#1

As I will not upgrade to v4, but want to go back to a normal Ubuntu nginx experience - I wonder what steps do I have to do in order to make sure not to be affected by future security bugs?

Is it enough to go back to a standard nginx.conf file, adapt it as needed - and easyengine will basically not be used anymore?


#2

I don’t know about you, but I have already chosen my future path.

I’m talking to Michel and Janssen in order to setup a user forum in the near future.


#3

For me the thing is - I should not have used EasyEngine in first place. I only run 3 websites - and I thought if I use EasyEngine I safe a lot of time in optimizing the nginx stack. It rather complicated things for me than made things easier (before I had often used tutorials from easyengine precessor website on how to set up a fast nginx stack).

I do not want to reinstall my server because that too will take a lot of time - so I just look for a quick painless way out that resolves security bugs that may appear.

I’ve gone back to a pretty default nginx.conf - except keeping the fastcgi handling as it was with easyengine.

I’m using nginx from ondrej
sudo add-apt-repository ppa:ondrej/nginx
in order to have TLS 1.3 support. Actually I’ve never had any easyengine repositories - and nginx, mysql both came from standard ubuntu repositories. Not sure if there is a need for anythink like
ee stack remove --nginx
apt install nginx

ee stack remove --php
apt install php

and so on.
(I've already done: ee stack remove --postfix, ee stack remove --wpcli, ee stack remove --adminer, ee stack remove --phpMyAdmin, ee stack remove --utils, ee stack remove --mail ) - but am afraid running ee stack remove --nginx/--php/--mysqli or ee stack remove --web.


ee stack status gives the following:
> Nginx is not installed
> Postfix is not installed
> HHVM is not installed
> php5.6-fpm:  Running
> php7.0-fpm:  Running
> mysql     :  Running

#4

Hello,
you do not need to remove everything !

you can remove Nginx to install Nginx from another repository (you will just have to remove nginx configurations which require additional modules) or you can compile the latest Nginx release with my bash script nginx-ee

Other components are the same with/without easyengine :

  • PHP is installed from ppa:ondrej/php
  • MariaDB from digitalocean repository
  • postfix from ubuntu repository
  • wp-cli is only download from official site
  • phpmyadmin is installed with composer

#5

Thanks - that’s great. Maybe that should be added to the Documentation about uninstalling EasyEngine. So basically to remove easyengine (except some space on the drive) - it is enough to remove nginx, than reinstall nginx - and use a standard nginx.conf

That way no eventual easyengine security bugs are leftover as I understand now.
(and phymyadmin can also be installed with ubuntu itself).


#6

Yes, The only custom package used by EasyEngine is nginx-ee, so that’s the only part you need to remove if you want to make sure there will not have security issues related to EEv3.
To cleanup your server you can also remove EE binary /usr/local/bin/ee, local database /var/lib/ee/ee.db, and configuration /etc/ee


#7

Thank you for doing this. I’ve chosen the same path. It will be great to have a dedicated forum for it.


#8

It’s already available on https://community.wordops.org/ :grinning:


#9

This is great news!!


#10

Actually I am using @virtubox 's scripts for a long time without any problem . As a non-tech use this new fork confuses me and I think I will not go for v4 too, but again confused!


#11

Hello @Halil_Gungormus,

at the moment I haven’t used EEv4 enough to understand its structure and to see if I will be able to do the same customization than with EEv3.

WordOps is a fork of EEv3 and its team planned to provide an up-to-date version of EEv3, that’s why I currently help them to integrate my custom configurations into WO.

This is not because EEv4 use Docker or because I do not like EEv4, but just because I manage several servers running in production with EEv3 and I currently ) need to keep EEv3 up-to-date on the most part of them (migration to another platform will be too much work and too much risk).

So, you can choose to migrate to the new EEv4 system or to keep EEv3 architecture and to update it with WO (as soon as it will be stable). I will still publish my configurations for EEv3/WO but I will also take a look on EEv4 to see if it’s a solution for my needs.


#12

Well I value your thoughts @virtubox , if u make a comparison between them pls share it. Will u integrate your script with this new WO? if so do u have any timing for that? thank you.


#13

I do no think I will make a comparison between them because EEv4 is only available for few weeks now, when EEv3 was built few years ago, and EEv4 use docker when EEv3 use packages.
But I will contribute to WordOps project, to keep the most secure and up-to-date EEv3 possible. This way users will have the choice to migrate to EEv4 or not depending on their usage, and for those who want to stay on EEv3, it will not become a huge security issue.
I do not have any timing yet, but we will add a roadmap soon and keep you update as soon as possible.