We're starting to deploy devpi at our company. We want to have a production instance of devpi that lives in our colo/the cloud, and then have developers run devpi locally and have a mirror of the production instance.  Since, devpi will host our internally developed packages, we want some level of authentication/authorization in order to install packages from devpi (i.e. and not have devpi be completely public).  Thus, I'm curious, how do most companies deploy devpi with authentication/authorization such that local developers can easily access the colo/cloud hosted instance of devpi when installing with pip?  Do you use a VPN?  Do you put devpi behind nginx?  Do you use devpi-ldap?  Something else completely?