There's quite a bit to read, and the information you require is spread across several links: (also there may be other ways to encrypt)
I haven't done full system encryption, but I do have several internal encrypted drives.
This is a rough step by step:
- Read above link and the links it contains.
- Securely wipe, I use dmcrypt and dd from /dev/zero.
- Encrypt with luks.
- Add keyfile if needed, backup header.
- Create filesystem.
- Copy data over.
securely erasing the drive
If the drive is to be connected all the time and mounted at boot:
(I haven't tried this with a USB drive)
- Edit /etc/crypttab.
- Edit /etc/fstab
If it gets moved about you'll need to unlock and mount it manually, or by clicking on it in a file manager and entering your password.
You should read the rest of it too, including /Specialties, particularly if it's an SSD.
Integrating it with emby is up to you, but it's transparent once it's unlocked and mounted it's just a mounted filesystem like any other.
If in doubt ask.
Just to clarify, there would be more steps for full disk encryption, but you've probably already seen that from the link. This is just for the external disk.