So, I found this login for TFS 1.x:
Milice/forgottenloginserver
But the problem is, it doesn't support server status. So if you put your main domain (where AAC and login server is) on otservlist, then it won't be able to pull status from the server (how many players, map etc). So still, a better option would be to use a proxy.
I would do this like this:
main domain: here run your OTS server. And redirect all traffic incoming to port :80 (http) to subdomain. You can use nginx for this. Its very easy to configure.
subdomain: here run your website.