server.xml

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />

<!---       sslImplementationName="edu.internet2.middleware.security.tomcat7.DelegateToApplicationJSSEImplementation" -->
  <Service name="Catalina">
    <Connector port="443"
       protocol="org.apache.coyote.http11.Http11AprProtocol"
       SSLEnabled="true"
       scheme="https"
       secure="true"
       maxPostSize="100000"
       SSLCertificateFile="/etc/ssl/certs/server.pem"
       SSLCertificateChainFile="/etc/ssl/certs/server-chain.pem"
       SSLCertificateKeyFile="/etc/ssl/private/server.key"
       SSLCACertificateFile="/opt/shibboleth-idp/credentials/cloudpath-itlab.full.pem"
       SSLVerifyClient="none"
       SSLProtocol="TLSv1.2"
       SSLCipherSuite="ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384"
       SSLHonorCipherOrder="on"
    />

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="443" />

    <Engine name="Catalina" defaultHost="weblogin.itlab.stanford.edu">

      <Realm className="org.apache.catalina.realm.CombinedRealm">      
        <Realm className="net.unicon.tomcat7.realm.X509AuthenticationBypassingRealm"/>                              
      </Realm>

      <Host name="weblogin.itlab.stanford.edu"
            appBase="webapps"
            unpackWARs="false"
            autoDeploy="false"
            xmlValidation="false"
            xmlNamespaceAware="false">
        <Alias>localhost</Alias>
        <Alias>login.itlab.stanford.edu</Alias>
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               prefix="weblogin_access" suffix=".log"
               pattern='%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"' />
<!--               pattern="common" /> -->
<!--               pattern='%h %l %u %t "%r" %s %b "%{Accept}i" "%{host}i"' /> -->
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               addConnectorPort="true"
               allow="127\.0\.0\.1;80|::1;80|.*;80|.*;443"/>
      </Host>

      <Host name="authz.itlab.stanford.edu"
            appBase="webapps"
            unpackWARs="false"
            autoDeploy="false"
            xmlValidation="false"
            xmlNamespaceAware="false">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               prefix="authz_access" suffix=".log"
               pattern='%h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"' />
<!--               pattern="common" /> -->
<!--               pattern='%h %l %u %t "%r" %s %b "%{Accept}i" "%{host}i"' /> -->
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               addConnectorPort="true"
               allow="127\.0\.0\.1;80|::1;80|.*;80|.*;443"/>
      </Host>

    </Engine>

  </Service>

</Server>