The last two points are not valid. You can have https without exposing to the internet. You can create a SSH tunnel that will allow you to browse to the server on localhost, without having a GUI on the server
Anyway, search “allow user-defined passwords” and turn that on. Then you can set a custom remote admin password