I have been pondering the same question for a good while - as I wanted to secure the data on my server with encryption in case it gets stolen - but, also, to be able to cope with the server restarting automatically. I obviously can't be in front of it to type a passphrase when it restarts. Nor is there any point in leaving something like a USB memory stick plugged in all the time, with the keys on it in case it reboots.
What I ended up doing is the following:
1. Store all confidential/personal data under /srv. For example, Dovecot stores all my imap emails in /srv/dovecot, Samba keeps all the shares under /srv/samba and so on.
2. Keep all this stuff on another partition (/dev/sda3 in my case) which is encrypted (so it is actually /dev/mapper/lukssda3 after LUKS unlocks it).
3. Mount /dev/mapper/lukssda3 under /srv.
4. Change services/software/daemons which store data under /srv to manual start, so they don't start automatically during boot - when there would be no /srv available and mounted.
During boot, the server restarts fine - it just doesn't mount /srv or start things like imap, samba and my Asterisk server. However, everything else starts just fine, including openvpn. All I have to do is log in remotely, unlock the encrypted partition with a passphrase, mount it and start the necessary services.
It is not a fully automatic solution, but as the server is on a UPS and power cuts are very rare around here - having to log in remotely to start services after a reboot would be a rare event.
On the other hand - if somebody happens to steal the server - they would just get access to the run-of-the-mill part of the system - which doesn't contain any sensitive data. I can just re-create my OpenVPN CA and new certificates - so even that is not a problem.
If you want to be extra cautious - you can even tell LUKS to encrypt the swap.
At least that's what I came up with. I would actually be glad if somebody could point out any weaknesses in this particular arrangement. It is obviously not designed to protect against somebody trying to gain access from the Internet, or somebody sitting in front of the server and taking their time (although if they reboot it, the partition would be locked). Those are different matters, to be dealt with using other tools.
Hope the above helps.
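As an added example (not part of the answer above), here is the post-reboot unlock/mount/start step from that arrangement as a small script. It assumes systemd, the unit names dovecot, smbd and asterisk, and the /dev/sda3 / lukssda3 / /srv names used in the answer; it also refuses to start the services unless /srv is really mounted, so that a daemon started too early cannot write confidential data into the empty /srv directory on the unencrypted root filesystem.

```sh
#!/bin/sh
# Boot-side setup this script relies on (assumed, matching the answer above):
#   /etc/fstab:  /dev/mapper/lukssda3  /srv  ext4  defaults,noauto  0 2
#   systemctl disable dovecot smbd asterisk   (start them by hand instead)
set -eu

DEV="${DEV:-/dev/sda3}"            # encrypted partition
NAME="${NAME:-lukssda3}"           # /dev/mapper name after unlocking
MNT="${MNT:-/srv}"                 # where the confidential data lives
SERVICES="${SERVICES:-dovecot smbd asterisk}"   # unit names are assumptions
DRY_RUN="${DRY_RUN:-0}"

# In dry-run mode print each command instead of executing it, so the plan
# can be reviewed without root or the real disk.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# 0 if the LUKS mapping already exists (e.g. an earlier run was interrupted).
mapping_open() {
    [ "$DRY_RUN" != 1 ] && [ -e "/dev/mapper/$NAME" ]
}

# 0 if MNT is a real mount point rather than the empty directory on the root fs.
srv_mounted() {
    [ "$DRY_RUN" != 1 ] && mountpoint -q "$MNT"
}

unlock_and_start() {
    # 1. Open the volume; cryptsetup asks for the passphrase on the SSH
    #    terminal, so no key material is kept on the machine.
    mapping_open || run cryptsetup open "$DEV" "$NAME"
    # 2. Mount it (fstab says noauto, so boot left it alone).
    srv_mounted || run mount "/dev/mapper/$NAME" "$MNT"
    # 3. Never start the daemons on an unmounted /srv: they would write the
    #    confidential data onto the unencrypted root filesystem.
    if [ "$DRY_RUN" != 1 ] && ! mountpoint -q "$MNT"; then
        echo "$MNT is not mounted, refusing to start services" >&2
        return 1
    fi
    # 4. Start the services that were disabled at boot.
    for s in $SERVICES; do
        run systemctl start "$s"
    done
}

# Do the real work only when invoked as: sh unlock-srv.sh --run
case "${1:-}" in
    --run) unlock_and_start ;;
esac
```

Run it with `DRY_RUN=1 sh unlock-srv.sh --run` first to see the exact commands it would issue for your device names.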