Are UDP ports 500 and 4500 needed on the Rancher server host?

Looking at the installation guide, there is no mention that the host has to have any ports open for IPsec. If we have SSL termination, the host needs just ports 80 and 443 open, of course.

I also know that each Docker host (Rancher node) must have UDP ports 500 and 4500 open for all other Docker hosts managed by Rancher for the IPsec and health checks to work.

But my question is: does the host where the Rancher server is running need to have UDP 500 and 4500 open as well?

No, it does not.

Communication between Server and container hosts (Rancher Node) is via the API.

Correct. The IPsec network is point-to-point between hosts; the rancher/server container does not connect to it.

Health checks are run inside the Network Agents on your hosts, and are scheduled to check from 3 hosts other than the one the container being checked is on (when possible, num_hosts > 3).
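The port split described in this thread, written as per-role firewall rules. This is an added example and not part of the original posts or of Rancher itself: the function name `rancher_fw_rules` is hypothetical, the peer addresses are constructed sample values, and TCP 80/443 on the server host assumes the SSL-termination setup mentioned in the question. It only prints iptables rule specifications and applies nothing.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables INPUT rules per host role.
# server -> TCP 80/443 only; no IPsec ports (rancher/server is not on the IPsec network)
# node   -> UDP 500/4500 accepted only from the listed peer nodes, dropped otherwise

rancher_fw_rules() {
    role=$1
    shift
    case "$role" in
        server)
            for p in 80 443; do
                printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
            done
            ;;
        node)
            # Validate every peer first so a bad value never yields a partial rule set.
            for peer in "$@"; do
                case "$peer" in
                    ''|*[!0-9./]*)
                        printf '%s\n' "invalid peer address: $peer" >&2
                        return 1
                        ;;
                esac
            done
            # IPsec (IKE on 500, NAT-T on 4500) is point-to-point between nodes.
            for peer in "$@"; do
                for p in 500 4500; do
                    printf '%s\n' "-A INPUT -s $peer -p udp --dport $p -j ACCEPT"
                done
            done
            # Anything that is not a known peer gets no access to the IPsec ports.
            for p in 500 4500; do
                printf '%s\n' "-A INPUT -p udp --dport $p -j DROP"
            done
            ;;
        *)
            printf '%s\n' "unknown role: $role" >&2
            return 1
            ;;
    esac
}

# Constructed sample: a server host, and a node with two peers (TEST-NET-1 addresses).
rancher_fw_rules server
rancher_fw_rules node 192.0.2.11 192.0.2.12
```

Review the printed rules against your own policy before loading them; a node's peer list has to be regenerated whenever hosts are added to or removed from the environment.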