This is currently how I have my CAS 5.2 install setup. We use Apache as the SSL handler because it is usually more up to date cipher wise than Tomcat. The setup isn't too difficult, you just need to enable mod_proxy, mod_proxy_html, rewrite, and ssl in apache. Then you want to create a vhost like the one attached with your values plugged in.
After that you want to let tomcat know that you're using a proxy by setting up your connector like so in server.xml:
<Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
connectionTimeout="20000"
URIEncoding="UTF-8"
server="Apache"
address="127.0.0.1"
maxThreads="150"
proxyPort="443"
proxyName="<your server fqdn here>"
scheme="https"
secure="true"/>
you also want to setup a valve for your proxy setup in server.xml. Put your servers IP in the regex for internalProxies
<!-- Get client IP from proxy -->
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127\.0\.0\.1|10\.0\.0\.23"
remoteIpHeader="x-forwarded-for"
protocolHeader="x-forwarded-proto"
requestAttributesEnabled="true" />
That should get you off to a good start. You may also want to default all your traffic to SSL by creating a rewrite rule in the 000-default.conf file for apache.
--Mike K.