Uhhh ... 'owner of the shared hosting ...' and '...I can do whatever..' isn't a minor detail one should omit in such a question ... me thinks.'
Better way? .... Yep ... I can think of a couple .. with a lot less programming and 'special' ... maybe not so secure .... java app involved.
Since you control everything on the server where hosted, set up a 'virtual apache' instance by a fully qualified domain name that doesn't exist in public DNS ('stealth?)! Moodle does require matching access by IP or FQDN (stealth) in config.php of the site.
The 'client' would have to have the ability to edit their local host file so they could map the public IP of the 'stealth' instance to the FQDN.
Host file entry would look like:
X.X.X.X unkownttointernet.mysuperstealhydomain.com stealthymoodle
Once saved, client opens browser, uses
To secure that more ... run it https with a cert for mysuperstealhydomain.com where you have a true CA (not other commercial) setup for it.
Moodle has nothing showing on front page ... all users must login to view and the contents of the Moodle.
The other ... a VPN on your end that client has info/credentials to.
Kinda like 'pick your poison' ... and be aware of your own 'antedote' isn't it?
But still don't total understand why? Moodle designed to be multiple user and accessible. Unless this moodle is to be for '_insert_your_nations_super_secret_entity_that_spies_on_everyone_'!
So I don't get it ... sorry! :|