diff --git a/tsa/howto/static-component.mdwn b/tsa/howto/static-component.mdwn
index 49688dcf78e7d48482836cd8857f9d8276e6af0f..0e928a9e72f346f5f2e80fb8f10b474ff516da00 100644
--- a/tsa/howto/static-component.mdwn
+++ b/tsa/howto/static-component.mdwn
@@ -71,3 +71,41 @@ Adding a new component
     This, for example, is the line that was added for `onionperf`:
     
         %torwww,%metrics		STATICMASTER=(mirroradm)	NOPASSWD: /usr/local/bin/static-master-update-component onionperf.torproject.org, /usr/local/bin/static-update-component onionperf.torproject.org
+
+Removing a component
+====================
+
+ 1. remove the component to Puppet, in `modules/roles/misc/static-components.yaml`
+
+ 2. create the home directory specified on the server (often
+    `staticiforme`, but can be elsewhere)
+
+ 3. remove the host to DNS, if not already present, see [[dns]]. this
+    can be either in `dns/domains.git` or `dns/auto-dns.git`
+
+ 4. remove the Apache virtual host, by removing a line like this in
+    [[puppet]] to
+    `modules/roles/templates/static-mirroring/vhost/static-vhosts.erb`:
+
+        vhost(lines, 'onionperf.torproject.org')
+
+ 5. remove an SSL service, by removing a line in [[puppet]] to
+    `modules/roles/manifests/static_mirror_web.pp`:
+
+        ssl::service { onionperf.torproject.org': ensure => 'ifstatic', notify  => Exec['service apache2 reload'], key => true, }
+
+ 6. remove the Let's encrypt certificate, see [[letsencrypt]] for details
+
+ 7. remove onion service, by removing another `onion::service` line in
+    [[puppet]] to `modules/roles/manifests/static_mirror_onion.pp`:
+
+        onion::service {
+            [...]
+            'onionperf.torproject.org',
+            [...]
+        }
+
+ 8. remove the sudo rules for the role user
+ 
+ 9. consider removing the role user and group in LDAP, if there are no
+    files left owned by that user