So my question is:
Is there a possibility to have something like a Mongo authentication instance running on a VPS, together with fail2ban, which only forwards authenticated requests to a home server MongoDB? The trouble of setting up a whole shared cluster in order to be able to use the mongos router seems a bit overkill for my hobby purpose.
My setup:
I have a home server (no public IP) and a hosted VPS (public IP), both running Ubuntu 22. They are connected via a WireGuard VPN. My MongoDB instance is running on my home server (the VPS has very limited storage). Sadly, from my (Windows) work laptop I cannot connect to the VPN, as I am not allowed to install WireGuard (we only have FortiClient available). During business trips, I only take that laptop and also use it for my hobby projects. Nothing fancy, just some Python web crawler scripting. There is also nothing important in the DB, hence it's a single instance, no replica set or cluster.
Until recently, I used rinetd to forward a port on my VPS to the MongoDB on my home server through the VPN. The MongoDB is password protected. However, in the last weeks I have seen a lot of unauthorized access attempts. So many that I temporarily removed the forwarding and installed fail2ban. Sadly, I cannot use fail2ban on my home server for the MongoDB because of the forwarding on the VPS: all access to the MongoDB seems to come directly from my VPS, and I would just lock myself out.
Currently, I am running a VM on the laptop in order to connect to the VPN, but this is incredibly unperformant and no fun to work with.
Any ideas on how to solve this? I appreciate all suggestions.