0
My droplet has a public IP address, and I am able to connect to my droplet's LAN with OpenVPN.
My local PC address: 10.8.0.2
My droplet's local address as seen by me: 10.8.0.1
(I can access the whole droplet via VPN)
1
Suppose you have already enabled IP forwarding (e.g. with sysctl) on your "droplet", then you just go ahead and configure "port forwarding" (i.e. Destination NAT) with iptables. Say the public IP is 123.123.123.123:

iptables -t nat -A PREROUTING -i eth0 -d 123.123.123.123 -p tcp --dport 8080 -j DNAT --to-destination 10.8.0.2:80

The -i eth0 part is sort of optional. It limits the DNAT to traffic from a certain Ethernet interface. You should either omit that or change eth0 to the name of the Ethernet interface of your droplet.

If you want the DNAT to work on the server itself as well (for testing or whatever reason), you would need to add a similar rule to the OUTPUT chain as well:

iptables -t nat -A OUTPUT -d 123.123.123.123 -p tcp --dport 8080 -j DNAT --to-destination 10.8.0.2:80

Note that this obviously would apply only to the destination 123.123.123.123 (but not 127.0.0.1 or whatsoever).

If your local PC does not use the droplet as its default gateway when it is connected to the VPN (e.g. redirect-gateway is neither in the user conf / ovpn nor pushed by the server), then you will need to do Source NAT for the redirected traffic as well, otherwise the PC will reply "directly" (i.e. via its LAN gateway) and no reverse NAT would then be done by the droplet's iptables for the DNAT. The http clients will then have no idea that they are actually replies for the requests they made to 123.123.123.123:80. Therefore, add the following rule additionally if that is the case:

iptables -t nat -A POSTROUTING -o tun0 -d 10.8.0.2 -p tcp --dport 80 -j SNAT --to-source 10.8.0.1

Similarly, the -o tun0 part is also sort of optional. So either omit it or change tun0 to the name of the tun interface of the VPN server.

If the iptables of the droplet limits forwarding, with for example DROP as the policy of the FORWARD chain, you will need to add an exception for this. For example:

iptables -A FORWARD -i eth0 -o tun0 -d 10.8.0.2 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

Assuming you already have:

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

By the way, obviously you would want to make sure that your local PC always gets 10.8.0.2 (for example, with ifconfig-push in a CCD file for its CN, unless it's a one-to-one server configured with simply secret).

P.S. This answer assumes the droplet has the public IP directly configured on one of its network interfaces. If it is not the case (for example, some router is doing some NAT for it, for whatever reason), make sure you use the private IP configured on it (i.e. as seen in ip a) in the rules instead of the public one you use to access it. And in that case, it's not guaranteed to work anyway.

EDIT: Just noticed that you said you want to forward port 8080 of the server. Yet it's unknown whether you want to forward to port 80 or 8080 of the PC, so 80 is assumed. (If it's also 8080, just omit :80 in --to-destination of the PREROUTING and OUTPUT rules and change 80 to 8080 in --dport of the POSTROUTING and FORWARD rules.)
Thanks! I just did your first two codes. Works like a charm! Thank you so much. Love you! – Midhun Nadh – 2019-11-11T15:09:08.003
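A parameterised version of the rules in the answer above, added here as an example (it is not part of Tom Yan's answer): it generates the DNAT, OUTPUT, SNAT and FORWARD rules for any public IP / client / port combination, warns if IP forwarding is off, and applies each rule only if an identical one is not already present. The values assumed are the ones from the answer (123.123.123.123 on eth0, client 10.8.0.2 via tun0, server tun address 10.8.0.1, public port 8080 to client port 80); the script name forward.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumed values (from the
# answer): public IP 123.123.123.123 on eth0, VPN client 10.8.0.2 via tun0,
# server tun address 10.8.0.1, public port 8080 mapped to client port 80.

# Print one iptables command per line.
# Args: public_ip client_ip public_port client_port wan_if tun_if tun_ip
gen_rules() {
    pub=$1; cli=$2; pport=$3; cport=$4; wan=$5; tun=$6; tunip=$7
    # DNAT for connections arriving from the internet on the public interface.
    echo "iptables -t nat -A PREROUTING -i $wan -d $pub -p tcp --dport $pport -j DNAT --to-destination $cli:$cport"
    # Same mapping for connections the server itself makes to its public IP.
    echo "iptables -t nat -A OUTPUT -d $pub -p tcp --dport $pport -j DNAT --to-destination $cli:$cport"
    # SNAT so the client's replies come back through the tunnel even when the
    # client does not use the VPN as its default gateway.
    echo "iptables -t nat -A POSTROUTING -o $tun -d $cli -p tcp --dport $cport -j SNAT --to-source $tunip"
    # FORWARD exception limited to new connections to this one client port;
    # replies rely on a RELATED,ESTABLISHED rule assumed to exist already.
    echo "iptables -A FORWARD -i $wan -o $tun -d $cli -p tcp --dport $cport -m conntrack --ctstate NEW -j ACCEPT"
}

# Apply the generated rules, skipping any already present (-C checks for an
# identical rule), so re-running the script never duplicates them.
# Set DRY_RUN=1 to only print what would be executed.
apply_rules() {
    [ "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)" = "1" ] ||
        echo "warning: net.ipv4.ip_forward is not 1; forwarded traffic will be dropped" >&2
    gen_rules "$@" | while read -r rule; do
        if [ -n "${DRY_RUN:-}" ]; then
            echo "$rule"
            continue
        fi
        check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
        if $check 2>/dev/null; then
            echo "already present: $rule"
        else
            $rule
        fi
    done
}

# Run as root on the droplet: sh forward.sh apply   (or DRY_RUN=1 sh forward.sh apply)
if [ "${1:-}" = "apply" ]; then
    apply_rules 123.123.123.123 10.8.0.2 8080 80 eth0 tun0 10.8.0.1
fi
```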
0
As OpenVPN runs a network-level (IP) based connection and you are after a transport (TCP) based forwarding, it's better to handle the specific service.
You can run nginx as a reverse proxy on your public service and get it to use your local service specified as proxy_pass http://10.8.0.2:8080.
You can't forward a port on a local intranet to an internet IP address. Other than trying to forward port what are you actually trying to achieve? – Ramhound – 2019-11-10T19:35:12.017
Hi, thanks for your reply, I want my local pc to get a public ip address. I want my local apache server to run on port 8080 of my public IP – Midhun Nadh – 2019-11-10T19:36:30.593
You are not going to be able to have people connect to your machine by using the public IP address of your VPS. – Ramhound – 2019-11-10T19:56:12.147
Not sure what droplet is, but I'm not seeing why one cannot "port forward" to a (open)vpn client if he/she can configure iptables on the server. The client probably needs to use the tun gateway (i.e. the vpn server) as default gateway (i.e. redirect-gateway option), otherwise you'll need to do SNAT/MASQUERADE in addition to DNAT. – Tom Yan – 2019-11-11T01:50:03.293