Or the hosting provider could offer a turnkey solution.
They could use something like a VLAN to isolate that physical server on its own network, put the VLAN behind a firewall, and have an HTTPS reverse proxy that goes through that firewall.
Depending on how their network is built, it might even be possible to make this self-service where you enable a setting in your account and your physical server gets wrapped in this additional layer.