Scotch Box: A Vagrant LAMP Stack That Just Works

Just a dead-simple local Vagrant LAMP stack for developers

I discovered Scotch Box recently, brought to us by the folks at It actually looks like Nicholas Cerminara has done most of the work, or as least done all of the committing to GitHub. Here’s the Scotch Box announcement at the blog.

After using Scotch Box for a day, I’ve decided this is how I will do all future development work. It’s so easy, and you really don’t need to know much about Vagrant or VirtualBox to get up and running with Scotch Box.

Scotch Box has a repository setup at GitHub that explains how to make use of Scotch Box. Basically, just clone the repository, and then run vagrant up inside that repo.

Scotch Box is currently running Ubuntu 12.04.5. Here’s a bit from the Scotch Box readme:

Scotch Box is a preconfigured Vagrant Box with a full array of LAMP Stack features to get you up and running with Vagrant in no time.

A lot of PHP websites and applications don’t require much server configuration or overhead at first. This box should have all your needs for doing basic development so you don’t have to worry about configuring Vagrant and you can simply focus on your code.

No provisioning tools or setup is really even required with Scotch Box. Since everything is packaged into the box, running “vagrant” is super fast, you’ll never have to worry about your environment breaking with updates, and you won’t need Internet to code.

Do you use Vagrant?

View Results

Loading ... Loading ...

Bringing Scotch Box Up

Once you’ve run vagrant up, you’ll be able to access your site at, you should see something similar to the image below.

Useful Stuff in Scotch Box

  • PHP 5.5
  • No Internet connection required
  • PHP errors turned on
  • Laravel and WordPress ready (and others)
  • Operating System agnostic
  • Goodbye XAMPP / WAMP
  • New Vagrant version? Update worry free. ScotchBox is very reliable with a lesser chance of breaking with various updates
  • Bootstrap and jQuery are saved in the server’s home folder in case you don’t have Internet (usually plains, trains or cars)
  • Chef and Puppet ready in case you want to add extra features on Vagrant Up
  • Super easy database access and control
    MIT License

Server Components Included

  • Apache
  • Vim
  • MySQL
  • PHP 5.5
  • Git
  • Screen
  • Composer
  • cURL
  • GD and Imagick
  • Mcrypt
  • Memcache and Memcached

Front End Stuff Included

  • NPM
  • Grunt
  • Bower
  • Yeoman
  • Gulp

You can SSH to your server as well, by running vagrant ssh. Upon logging in via SSH you’ll see something similar to the image below.

Scotch Box is in its infancy still. It’s initial commit to GitHub was on October 6, 2014 and has about 10 commits in total.

Updating Scotch Box is easy too. To check for an updated version with Vagrant, do vagrant box outdated. That will tell you if there’s a newer version available. If there is a newer version available, you can update to it by running vagrant box update.

Head to the official Scotch Box website for more information on setting up databases, setting a hostname, and for more details on updating the box. Some basic Vagrant commands are also included to help you with basic Vagrant usage (ie: pausing, resuming, or destroying a server).

If you’re a LAMP developer like I am, and are tired of developing on your client’s dev servers, Scotch Box could be a good solution for you to develop locally. It’s sometimes much easier to develop locally then having to rely on a slow dev server provided by your client. :)

All the images in this post are included in the gallery below.


Send Apache Logs to Papertrail With Rsyslog

Over the last few days, I’ve been looking at Apache web server logs, a lot, mostly quick checks for Shellshock probes and exploit attempts. All on client servers, thankfully. All of the servers I operate through DigitalOcean are patched up. It just so happens that all the sites I host have their DNS hosted by Cloudflare, which has been blocking all Shellshock attempts.

A majority of my sites send their Apache logs to Papertrail. Having all my apache logs easily accessible and searchable is extremely nice. It’d make sniffing out Shellshock attempts quite simple. You can check for Shellshock attempts relatively easily from the command line, as well, something like the command below would work:

1. Setup Rsyslog to Send to Papertrail

Anyway, sending Apache logs to Papertrail is pretty easy. I’m going to assume you’ve already setup rsyslog to send logs to Papertrail. If not, this post should help.

2. Add CustomLog Directive To Your VirtualHost

You just need to modify your virtualhost configuration and add a CustomLog directive. Here’s what I do to send logs to Papertrail:

The -t httpd piece sets the service name for Papertrail. The -p flag sets the priority. You’ll want to change the piece in the above code to whatever site you’re capturing logs for. You can also change or remove apache that immediately follows

3. Reload Apache

After you’ve added the CustomLog directive to your virtualhost, you’ll want to reload Apache:

That’s all there is to it. You should start seeing your Apache logs in Papertrail shortly after reloading Apache.

Automate Taking Snapshots of Your DigitalOcean Droplets with DOSnapshot

Multi-threading. Auto-cleanup. Cron optimized.

There are a lot of neat tools people have built for DigitalOcean.

The app I’m really in love with is DOSnapshot, and is hosted on GitHub. DOSnapshot does exactly what its name would suggest, it takes snapshots of your droplets.

As of this post, I’m the only one that’s left a comment on the DOSnapshot Community Projects page, which took me a bit by surprise, given the quality of the tool.

Taking a snapshot of a DigitalOcean Droplet is essentially like making an exact copy of the Droplet (server) that you can then use again at a later time. Very useful for scaling and updating a Droplet to a newer version of your Linux distribution without losing all of the Droplet’s configuration.

Etel Sverdlov does a very good job of explaining the difference between snapshots and backups in this DigitalOcean community tutorial. I suggest you read it if you’re unsure what the differences between a backup and snapshot are.

1. Install DOSnapshot

DOSnapshot can be installed as a ruby gem, which is what I chose to do because it’s just so easy. Don’t install this on your DigitalOcean Droplet! It’s meant to run from your local machine. Installing DOSnapshot as a Rubygem is as simple as:

Pre-built binaries are also provided for Linux users, and OSX users have the option of installing via Homebrew Tap.

2. Set Your DigitalOcean Client ID and API Key

Once you’ve got it installed, you’ll need to set your DigitalOcean Client ID and API Key. You can set them as environment variables, or you can pass them as parameters when actually running DOSnapshot. This is straight from the README:

First you may need to set DigitalOcean API keys:


If you want to set keys without environment, than set it via options when you run do_snapshot:

$ do_snapshot –digital-ocean-client-id YOURLONGAPICLIENTID –digital-ocean-api-key YOURLONGAPIKEY

3. Take A Snapshot

Please remember that running the do_snapshot command will cause your droplet to shutdown so the snapshot can be taken.

DOSnapshot has a pretty large number of options that you can specify. I’m going to keep this simple so you get the basics of it. Learning a few of the main options will be mostly what you need to know, after you’ve got them figured out, setting up a cronjob is cake.

You can take snapshots of all of your droplets at once, you can specify which droplets to take snapshots of, and you can specify droplets that you don’t want to take a snapshot of. I typically take a snapshot of a single droplet at a time, and I do it like this:

The above will take a snapshot of only one droplet, a droplet with an ID of 1111, replace 1111 with the ID of your droplet. You can find your droplets ID in your browser URL bar while managing the droplet. So if you see, your droplet’s ID is 1234567.

Here’s all of the options.

4. Scheduling With Cron

First, you must have cron installed. There’s plenty of tutorials on how to do that. That tutorial even explains how to configure a cron job using the crontab utility. There’s an example crontab entry in the DOSnapshot README. Mine is pretty simple:

If you have questions about setting any of this up, feel free to leave a comment!

Monitor SSH Activity on Your Server with Papertrail & Saved Searches

Search for common phrases related to SSH logins

Papertrail is good for all types of things, I especially enjoy it because it makes finding problems quite easy. Another fun thing to do with Papertrail is see how many people are trying to either login to your server via ssh, or attack sshd itself.

Find Potential Break-In Attempts

You can save searches in Papertrail, which makes finding certain events extremely easy. When I want to see potential break-in attempts, I have a saved search for not listed in AllowUsers. My server names have been blacked out in the image below.

Show All sshd Associated Event Logs

To see all events associated with sshd, you can save a search for program:sshd. This will show all log entries generated by sshd. Again, server names have been censored.

Papertrail has groups that you can put your servers into. Saved searches can be applied to a specific group of servers, or all servers. It’s really quite nice, especially if you have a server that almost nobody ever logs in to. Papertrail also lets you know the last time a log message was received from a server. For most servers, the last log event will have been moments ago.

Receive Alerts for Saved Searches

One of the best features are the alerts on saved searches. If you have a server that nobody but you logs into but you, you can setup an alert for when someone logs in via SSH. Most of the time the alert will just be you logging in, but this is excellent information to have if someone else does manage to login. Someone could have obtained your private key or your password.

You can specify the minimum number of events needed before the alert is activated. I’ve got an alert setup that sends me an email after my public key has been accepted 20 times. The alert is sent once an hour. I have the minimum number of events so high because I login frequently with FileZilla and make small edits to files, which causes a lot of SSH logins.

If you have to manage any servers at all, you might as well give Papertrail a try. They have a free plan that lasts forever. If you find that you need more than 100MB of log storage space, you can get 1GB for $5 per month, which is plenty for most folks. $5 only includes 1 day of log retention, $7 per month gets you a week of log retention.

Install Tarsnap On a DigitalOcean VPS or Any Ubuntu 14.04 or Newer System

Securely and remotely backup your server using Tarsnap

Tarsnap is a great service. It’s extremely affordable and secure. I mentioned it briefly in my previous post about MySQL backups.

Tarsnap is only $0.25 / GB-month for storage and $0.25 / GB for bandwidth, which is extremely affordable. You can add funds to your account whenever you like, which is also very nice. Your initial fund deposit must be at least $5. You can signup for a Tarsnap account here.

Installing it on a stock Ubuntu 14.04 LTS installation requires some additional steps to get everything working nicely.

1. Install dependencies

2. Install Tarsnap

Download Tarsnap, I do it like this with wget:

Now we need to extract, configure, and compile Tarsnap.

3. Configure Tarsnap

First, copy the example config to the live config:

If you receive an error with that command, like mkdir: cannot create directory , ignore it and continue on.

Next, we need to generate a tarsnap key for your machine. I like to keep my tarsnap key in my home directory, so I run something like this:

You’ll be prompted for your Tarsnap password when running tarsnap-keygen.

Now, edit the tarsnap.conf file:

Point the keyfile directive to the key file we created a couple steps ago. The top of your tarsnap.conf file should look similar to this now:

4. Use Tarsnap to Make a Backup

You’ll want get familiar with the Tarsnap manpages. To create your first archive, with a name of servername-20140805, do this:

That will backup the /home/youruser folder to Tarsnap! Depending on the size of the backup and speed of your connection, it could take quite some time to finish the backup.

Below is the output of tarsnap –help, if you’re interested.

You can read more about Tarsnap at their homepage, They also have a page describing their infrastructure setup, which is kinda neat. Tarsnap also runs a bug bounty program.

I’ve only tested this on DigitalOcean VPS’s running Ubuntu 14.04 x64, but it should work on most Ubuntu variants.

Did I miss something or get something totally wrong? If so, please let me know, the comments are open!