There was, at one time, a 'work-around' one could use in the config.php, but think folks eventually had to give up on it
How about you think about this ... let's say that users inside access the server by inside IP address. User edits or adds a link to a file. That link will contain the config.php files wwwroot variable ... such links are concatenated using wwwroot variable from config.php + whatever. That's what gets entered in the database ... link is http(s):/privateIP/blah/blah.
User then goes outside the private network, accesses the Moodle by public IP address (if you used the work-around) and login. They go to the link created when they were inside and click it. Since the link contains a private IP address read from the DB, which is **NON-routeable** on outside Internet, when they click, they'll get errors - cannot find/cannot access.
Even if you attempted to write a fancy re-write rule for your apache server, how does one write the re-write rule that covers both inside and outside?
If public IP -> go to private IP
If private -> go to private IP ... if that's the rule that's called a proxy in apache.
And, as we know, private IP's are **NON-routeable**.
There is one way to avoid it all ... plugin your Moodle server outside the entities boundary firewall and configure the server with a public IP address. You'd need an internal DMZ switch.
But then, that server will have to protect itself ... rely upon it's own firewall and not the private networks firewall. Hmmmm isn't that 'cloud'?
** Easiest ... best way ** ... FQDN both inside and outside.
'spirit of sharing', Ken