diff --git a/src/applications/repository/storage/PhabricatorRepository.php b/src/applications/repository/storage/PhabricatorRepository.php
--- a/src/applications/repository/storage/PhabricatorRepository.php
+++ b/src/applications/repository/storage/PhabricatorRepository.php
@@ -2078,7 +2078,13 @@
       PhabricatorRepositoryURI::BUILTIN_IDENTIFIER_ID => true,
     );
 
-    $allow_http = PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth');
+    // If the view policy of the repository is public, support anonymous HTTP
+    // even if authenticated HTTP is not supported.
+    if ($this->getViewPolicy() === PhabricatorPolicies::POLICY_PUBLIC) {
+      $allow_http = true;
+    } else {
+      $allow_http = PhabricatorEnv::getEnvConfig('diffusion.allow-http-auth');
+    }
 
     $base_uri = PhabricatorEnv::getURI('/');
     $base_uri = new PhutilURI($base_uri);
diff --git a/src/applications/repository/storage/PhabricatorRepositoryURI.php b/src/applications/repository/storage/PhabricatorRepositoryURI.php
--- a/src/applications/repository/storage/PhabricatorRepositoryURI.php
+++ b/src/applications/repository/storage/PhabricatorRepositoryURI.php
@@ -379,14 +379,40 @@
   }
 
   private function getForcedPort() {
-    switch ($this->getBuiltinProtocol()) {
-      case self::BUILTIN_PROTOCOL_SSH:
-        return PhabricatorEnv::getEnvConfig('diffusion.ssh-port');
-      case self::BUILTIN_PROTOCOL_HTTP:
-      case self::BUILTIN_PROTOCOL_HTTPS:
-      default:
+    $protocol = $this->getBuiltinProtocol();
+
+    if ($protocol == self::BUILTIN_PROTOCOL_SSH) {
+      return PhabricatorEnv::getEnvConfig('diffusion.ssh-port');
+    }
+
+    // If Phabricator is running on a nonstandard port, use that as the defualt
+    // port for URIs with the same protocol.
+
+    $is_http = ($protocol == self::BUILTIN_PROTOCOL_HTTP);
+    $is_https = ($protocol == self::BUILTIN_PROTOCOL_HTTPS);
+
+    if ($is_http || $is_https) {
+      $uri = PhabricatorEnv::getURI('/');
+      $uri = new PhutilURI($uri);
+
+      $port = $uri->getPort();
+      if (!$port) {
+        return null;
+      }
+
+      $uri_protocol = $uri->getProtocol();
+      $use_port =
+        ($is_http && ($uri_protocol == 'http')) ||
+        ($is_https && ($uri_protocol == 'https'));
+
+      if (!$use_port) {
         return null;
+      }
+
+      return $port;
     }
+
+    return null;
   }
 
   private function getForcedPath() {
diff --git a/src/docs/user/userguide/diffusion_uris.diviner b/src/docs/user/userguide/diffusion_uris.diviner
--- a/src/docs/user/userguide/diffusion_uris.diviner
+++ b/src/docs/user/userguide/diffusion_uris.diviner
@@ -173,14 +173,16 @@
 **HTTP**: The `http://` clone URI will be available if these conditions are
 satisfied:
 
-  - `diffusion.allow-http-auth` must be enabled.
+  - `diffusion.allow-http-auth` must be enabled or the repository view policy
+    must be "Public".
   - The repository must be a Git or Mercurial repository.
   - `security.require-https` must be disabled.
 
 **HTTPS**: The `https://` clone URI will be available if these conditions are
 satisfied:
 
-  - `diffusion.allow-http-auth` must be enabled.
+  - `diffusion.allow-http-auth` must be enabled or the repository view policy
+    must be "Public".
   - The repository must be a Git or Mercurial repository.
   - The `phabricator.base-uri` protocol must be `https://`.