Maybe connect the servers to the network via VPN? VPN listens on the port specified in the config. What traffic to let through the VPN can be configured with a firewall (for example, iptables). And you can start up all traffic through VPN. In order to combine servers into a VPN network, you need to choose which of the servers will be the "central" one - the VPN server. Let him issue certificates to the rest.

Modery, close this Hitler already.
In the post, the mat, in the question "sites of black subjects", there is rubbish in my head.
Do you mind messing with it yourself?

As already recommended above, one of the possible solutions is to organize a VPN between the servers and your admin machine. Keyword for Google OpenVPN, then head + hands to help you.
As the second option, if the topic is "dark", then most likely it requires increased protection from your deanonymization. Here, take a look at the Tor network and its bulbous routing. Technically - raise a relay-node (this is a word for Google) on your servers and you will be happy. There is only one catch here - your resource will only be visible in the onion space.
As for ports - yes, in fact, a web server and OpenVPN can be put on any ports. I won’t tell you the details, but for example, almost all hosting providers put apache from the standard port 80 to 8080, and nginx puts it on 80 itself. For other applications, this should not be a problem.

VPN, https, ip restriction, authorization by certificates. Pick any 2 and match.