From a quick glance at this configuration there are a number of things wrong with it:
- you cannot terminate ssl and then forward it to OpenVPN. OpenVPN needs to handle crypto on it’s own, you are interferening with it, and it will never work that way
- you cannot access HTTP field in a frontend that is in TCP mode
I would also strongly suggest that you don’t fiddle with those paths (/nextcloud, /cam3, /cam2, etc). It is extremely error prone, and your backends application may refer to absolute paths, which then fail, etc.
You need a layered approach, where you don’t terminate SSL on your primary frontend, you use SNI to differentiate between different backend applications (with different hostnames) and default_backend to openvpn.
Check this post for an example of how to use a 2 layered approach: