The backend haproxy must not handle the arbitrary variable Remote-User from headers.

It isn't implemented authentication on this backend, so this setting is irrelevant by default.

The proper way to handle authentication is use a trustfull frontend that will set this variable after properly authenticate the certificate and extract the user.